Dependency Analysis
BentoML
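Direct and transitive dependency freshness, license, and CVE exposure from the latest SBOM. In the list below, only the two entries with an exact pinned version show Latest, Behind, and CVE values; for all other entries, a "—" in the CVE column presumably means the version was not resolved and therefore not checked against advisories, not that no CVEs apply.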
Freshness: 88%
Dependencies: 76
Outdated: 2
Stale: 0
Avg Behind: 124.5
Dependency List
Latest release v1.4.38
| Dependency | Type | Current | Latest | Behind | CVE | License |
|---|---|---|---|---|---|---|
| scikit-learn (pypi) | Direct | 0.20.3 | 1.9.0 | 47 behind | 3 critical | BSD-3-Clause AND LicenseRef-scancode-unknown-license-reference |
| aws-sam-cli (pypi) | Direct | 0.33.1 | 1.161.1 | 208 behind | 3 medium | Apache-2.0 |
| a2wsgi | Direct | >= 1.10.7 | — | — | — | Unknown |
| actions/checkout (githubactions) | Direct | 6.*.* | — | — | — | Unknown |
| actions/download-artifact (githubactions) | Direct | 8.*.* | — | — | — | Unknown |
| actions/setup-python (githubactions) | Direct | 6.*.* | — | — | — | Unknown |
| actions/upload-artifact (githubactions) | Direct | 7.*.* | — | — | — | Unknown |
| aiohttp | Direct | — | — | — | — | Unknown |
| aiohttp-asgi-connector | Direct | >= 1.1.2 | — | — | — | Unknown |
| aiosqlite | Direct | >= 0.20.0 | — | — | — | Unknown |
| astral-sh/setup-uv (githubactions) | Direct | 7.*.* | — | — | — | Unknown |
| attrs | Direct | >= 22.2.0 | — | — | — | Unknown |
| azure-cli | Direct | — | — | — | — | Unknown |
| bentoml | Direct | — | — | — | — | Unknown |
| cattrs | Direct | >= 22.1.0,< 23.2.0 | — | — | — | Unknown |
| click | Direct | >= 7.0 | — | — | — | Unknown |
| click-option-group | Direct | — | — | — | — | Unknown |
| cloudpickle | Direct | >= 2.0.0 | — | — | — | Unknown |
| docker/setup-buildx-action (githubactions) | Direct | 4.*.* | — | — | — | Unknown |
| docker/setup-qemu-action (githubactions) | Direct | 4.*.* | — | — | — | Unknown |
| fastapi | Direct | — | — | — | — | Unknown |
| fsspec | Direct | >= 2025.7.0 | — | — | — | Unknown |
| github/codeql-action/analyze (githubactions) | Direct | 4.*.* | — | — | — | Unknown |
| github/codeql-action/autobuild (githubactions) | Direct | 4.*.* | — | — | — | Unknown |
| github/codeql-action/init (githubactions) | Direct | 4.*.* | — | — | — | Unknown |
| httpx | Direct | — | — | — | — | Unknown |
| httpx-ws | Direct | >= 0.6.0 | — | — | — | Unknown |
| jinja2 | Direct | >= 3.0.1 | — | — | — | Unknown |
| kantoku | Direct | >= 0.18.3 | — | — | — | Unknown |
| marocchino/sticky-pull-request-comment (githubactions) | Direct | 3.*.* | — | — | — | Unknown |
| mlflow | Direct | — | — | — | — | Unknown |
| numpy | Direct | — | — | — | — | Unknown |
| nvidia-ml-py | Direct | — | — | — | — | Unknown |
| opentelemetry-api | Direct | — | — | — | — | Unknown |
| opentelemetry-instrumentation | Direct | — | — | — | — | Unknown |
| opentelemetry-instrumentation-aiohttp-client | Direct | — | — | — | — | Unknown |
| opentelemetry-instrumentation-asgi | Direct | — | — | — | — | Unknown |
| opentelemetry-sdk | Direct | — | — | — | — | Unknown |
| opentelemetry-semantic-conventions | Direct | — | — | — | — | Unknown |
| opentelemetry-util-http | Direct | — | — | — | — | Unknown |
| packaging | Direct | >= 22.0 | — | — | — | Unknown |
| pandas | Direct | >= 1.1.1 | — | — | — | Unknown |
| pandas | Direct | — | — | — | — | Unknown |
| pathspec | Direct | — | — | — | — | Unknown |
| pdm-project/setup-pdm (githubactions) | Direct | 4.*.* | — | — | — | Unknown |
| pillow | Direct | — | — | — | — | Unknown |
| pip-requirements-parser | Direct | >= 31.2.0 | — | — | — | Unknown |
| prometheus-client | Direct | >= 0.10.0 | — | — | — | Unknown |
| psutil | Direct | >= 5.8.0 | — | — | — | Unknown |
| psutil | Direct | — | — | — | — | Unknown |
| psycopg2-binary | Direct | — | — | — | — | Unknown |
| pyarrow | Direct | — | — | — | — | Unknown |
| pydantic | Direct | >= 2 | — | — | — | Unknown |
| pydantic | Direct | < 3 | — | — | — | Unknown |
| pypa/gh-action-pypi-publish (githubactions) | Direct | release/v1 | — | — | — | Unknown |
| python-dateutil | Direct | — | — | — | — | Unknown |
| python-json-logger | Direct | — | — | — | — | Unknown |
| python-multipart | Direct | — | — | — | — | Unknown |
| pyyaml | Direct | >= 5.0 | — | — | — | Unknown |
| re-actors/alls-green (githubactions) | Direct | release/v1 | — | — | — | Unknown |
| rich | Direct | >= 11.2.0 | — | — | — | Unknown |
| rich-toolkit | Direct | >= 0.15.1 | — | — | — | Unknown |
| schema | Direct | — | — | — | — | Unknown |
| scikit-learn | Direct | >= 0.23.2 | — | — | — | Unknown |
| scikit-learn | Direct | — | — | — | — | Unknown |
| scikit-learn | Direct | >= 1.0.2 | — | — | — | Unknown |
| simple-di | Direct | >= 0.1.4 | — | — | — | Unknown |
| starlette | Direct | >= 0.24.0 | — | — | — | Unknown |
| tomli | Direct | >= 1.1.0 | — | — | — | Unknown |
| tomli-w | Direct | — | — | — | — | Unknown |
| torch | Direct | — | — | — | — | Unknown |
| transformers | Direct | < 4.54 | — | — | — | Unknown |
| transformers | Direct | < 4.54.0 | — | — | — | Unknown |
| uvicorn | Direct | >= 0.22.0 | — | — | — | Unknown |
| watchfiles | Direct | >= 0.15.0 | — | — | — | Unknown |

Note: the githubactions entries are recorded as major-version ranges (e.g. 6.*.*) or branch names (release/v1), not commit SHAs. If the workflows reference them the same way, those references are mutable; pinning each action to a full commit SHA is the stricter choice, particularly for the publish step.
License Breakdown
Unknown: 73
Apache-2.0: 1
BSD-3-Clause AND LicenseRef-scancode-unknown-license-reference: 1
CVE Severity
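critical: 1
high: 0
medium: 1
low: 0
unknown: 0

These totals (1 critical, 1 medium) differ from the per-row counts in the dependency list (3 critical, 3 medium); they may count affected dependencies rather than individual CVEs.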