borg

Direct and transitive dependency freshness, license, and CVE exposure from the latest SBOM.

Security Export CSV

74% Freshness

63 Dependencies

4 Outdated

0 Stale

1.6 Avg Behind

Dependency List

Latest release 1.4.4

All 62 Outdated 10 Has CVE 1 GPL 0

Dependency	Type	Current	Latest	Behind	CVE	License
pip pypi	Direct	26.0.1	26.1.2	3 behind	2 medium	MIT
virtualenv pypi	Direct	20.39.1	21.4.2	14 behind	—	MIT
setuptools pypi	Direct	80.10.2	82.0.1	4 behind	—	MIT
types-pyyaml pypi	Direct	6.0.12.20260408	6.0.12.20260518	3 behind	—	Unknown
build pypi	Direct	1.4.3	1.5.0	2 behind	—	Unknown
coverage pypi	Direct	7.13.5	7.14.1	2 behind	—	Apache-2.0
cython pypi	Direct	3.2.4	3.2.5	1 behind	—	Apache-2.0 AND LicenseRef-scancode-other-permissive
pre-commit pypi	Direct	4.5.1	4.6.0	1 behind	—	MIT
pytest-cov pypi	Direct	7.0.0	7.1.0	1 behind	—	MIT
wheel pypi	Direct	0.46.3	0.47.0	1 behind	—	MIT
actions/attest-build-provenance githubactions	Direct	4..	—	—	—	Unknown
actions/cache githubactions	Direct	5..	—	—	—	Unknown
actions/checkout githubactions	Direct	6..	—	—	—	Unknown
actions/setup-python githubactions	Direct	6..	—	—	—	Unknown
actions/upload-artifact githubactions	Direct	7..	—	—	—	Unknown
argon2-cffi	Direct	—	—	—	—	Unknown
astral-sh/ruff-action githubactions	Direct	3..	—	—	—	Unknown
backports-zstd	Direct	—	—	—	—	Unknown
bandit	Direct	—	—	—	—	Unknown
black	Direct	>= 24.0,< 25	—	—	—	Unknown
borghash	Direct	—	—	—	—	Unknown
borgstore	Direct	—	—	—	—	Unknown
build	Direct	—	—	—	—	Unknown
codecov/codecov-action githubactions	Direct	6..	—	—	—	Unknown
coverage	Direct	—	—	—	—	Unknown
cross-platform-actions/action githubactions	Direct	1.0.0	—	—	—	Unknown
cython	Direct	—	—	—	—	Unknown
github/codeql-action/analyze githubactions	Direct	4..	—	—	—	Unknown
github/codeql-action/init githubactions	Direct	4..	—	—	—	Unknown
guzzle-sphinx-theme	Direct	—	—	—	—	Unknown
jsonargparse	Direct	>= 4.47.0	—	—	—	Unknown
korthout/backport-action githubactions	Direct	4..	—	—	—	Unknown
msgpack	Direct	>= 1.0.3,<= 1.1.2	—	—	—	Unknown
msys2/setup-msys2 githubactions	Direct	2..	—	—	—	Unknown
packaging	Direct	—	—	—	—	Unknown
pip	Direct	< 24.2 \|\| > 24.2	—	—	—	Unknown
pkgconfig pypi	Direct	1.6.0	—	—	—	Unknown
pkgconfig	Direct	—	—	—	—	Unknown
platformdirs	Direct	>= 2.6.0,< 5.0.0	—	—	—	Unknown
pre-commit	Direct	—	—	—	—	Unknown
psf/black githubactions	Direct	c6755bb741b6481d6b3d3bb563c83fa060db96c9	—	—	—	Unknown
pyinstaller pypi	Direct	6.19.0	—	—	—	Unknown
pytest pypi	Direct	9.0.3	9.0.3	Current	—	MIT
pytest	Direct	—	—	—	—	Unknown
pytest-benchmark pypi	Direct	5.2.3	5.2.3	Current	—	BSD-2-Clause
pytest-benchmark	Direct	—	—	—	—	Unknown
pytest-cov	Direct	—	—	—	—	Unknown
pytest-xdist pypi	Direct	3.8.0	3.8.0	Current	—	MIT
pytest-xdist	Direct	—	—	—	—	Unknown
pyyaml	Direct	>= 6.0.2	—	—	—	Unknown
setuptools	Direct	>= 78.1.1	—	—	—	Unknown
setuptools-scm pypi	Direct	9.2.2	—	—	—	MIT
setuptools-scm	Direct	—	—	—	—	Unknown
shtab	Direct	>= 1.8.0	—	—	—	Unknown
sphinx	Direct	—	—	—	—	Unknown
sphinxcontrib-jquery	Direct	—	—	—	—	Unknown
tox pypi	Direct	4.48.1	—	—	—	Unknown
tox	Direct	—	—	—	—	Unknown
types-pyyaml	Direct	—	—	—	—	Unknown
virtualenv	Direct	—	—	—	—	Unknown
wheel	Direct	—	—	—	—	Unknown
xxhash	Direct	>= 2.0.0	—	—	—	Unknown

License Breakdown

Unknown 50

MIT 9

Apache-2.0 1

Apache-2.0 AND LicenseRef-scancode-other-permissive 1

BSD-2-Clause 1

CVE Severity

critical 0

high 0

medium 1

low 0

unknown 0