Checkov

Direct and transitive dependency freshness, license, and CVE exposure from the latest SBOM.

Security Export CSV

80% Freshness

315 Dependencies

41 Outdated

0 Stale

2.9 Avg Behind

Dependency List

Latest release 3.2.526

All 315 Outdated 63 Has CVE 33 GPL 3

Dependency	Type	Current	Latest	Behind	CVE	License
urllib3 pypi	Direct	1.26.20	2.7.0	9 behind	4 high	MIT
gitpython pypi	Direct	3.1.46	3.1.50	4 behind	4 high	BSD-3-Clause
orjson pypi	Direct	3.11.5	3.11.9	4 behind	1 high	Apache-2.0 AND MIT
pytest pypi	Direct	7.4.4	9.0.3	24 behind	1 medium	MIT
filelock pypi	Direct	3.19.1	3.29.1	20 behind	2 medium	Unlicense
requests pypi	Direct	2.26.0	2.34.2	20 behind	3 medium	Apache-2.0
requests pypi	Direct	2.32.5	2.34.2	6 behind	1 medium	Apache-2.0
coverage pypi	Direct	7.6.1	7.14.1	42 behind	—	Apache-2.0
numpy pypi	Direct	2.0.2	2.4.6	24 behind	—	BSD-2-Clause AND BSD-3-Clause
cachetools pypi	Direct	5.5.2	7.1.4	21 behind	—	MIT
setuptools pypi	Direct	78.1.1	82.0.1	21 behind	—	MIT
pytest-asyncio pypi	Direct	0.23.8	1.4.0	19 behind	—	Apache-2.0
s3transfer pypi	Direct	0.10.4	0.18.0	16 behind	—	Apache-2.0
importlib-metadata pypi	Direct	7.2.1	9.0.0	12 behind	—	Apache-2.0
platformdirs pypi	Direct	4.4.0	4.10.0	12 behind	—	MIT
virtualenv pypi	Direct	21.2.0	21.4.2	11 behind	—	MIT
pydantic pypi	Direct	2.12.5	2.13.4	10 behind	—	MIT
click pypi	Direct	8.1.8	8.4.1	9 behind	—	BSD-2-Clause AND BSD-3-Clause
pydantic-core pypi	Direct	2.41.5	2.47.0	9 behind	—	MIT
types-cachetools pypi	Direct	5.5.0.20240820	7.0.0.20260518	8 behind	—	Apache-2.0
types-requests pypi	Direct	2.32.4.20260107	2.33.0.20260518	8 behind	—	Apache-2.0 AND MIT
mypy pypi	Direct	1.19.1	2.1.0	5 behind	—	BSD-2-Clause AND MIT AND Python-2.0 AND Python-2.0.1
pytest-benchmark pypi	Direct	5.0.1	5.2.3	5 behind	—	BSD-2-Clause
python-discovery pypi	Direct	1.2.1	1.4.0	5 behind	—	Unknown
regex pypi	Direct	2026.1.15	2026.5.9	5 behind	—	CNRI-Python AND Apache-2.0
aiodns pypi	Direct	3.6.1	4.0.4	4 behind	—	MIT
identify pypi	Direct	2.6.15	2.6.19	4 behind	—	MIT
rpds-py pypi	Direct	0.27.1	2026.5.1	4 behind	—	MIT
types-pyyaml pypi	Direct	6.0.12.20250915	6.0.12.20260518	4 behind	—	Apache-2.0 AND MIT
librt pypi	Direct	0.8.1	0.11.0	3 behind	—	BSD-2-Clause AND MIT AND Python-2.0 AND Python-2.0.1
markdown-it-py pypi	Direct	3.0.0	4.2.0	3 behind	—	MIT
schema pypi	Direct	0.7.5	0.7.8	3 behind	—	MIT
time-machine pypi	Direct	2.19.0	3.2.0	3 behind	—	MIT
types-tabulate pypi	Direct	0.9.0.20241207	0.10.0.20260508	3 behind	—	Apache-2.0 AND MIT
asteval pypi	Direct	1.0.6	1.0.8	2 behind	—	MIT
certifi pypi	Direct	2026.2.25	2026.5.20	2 behind	—	MPL-2.0
decorator pypi	Direct	5.2.1	5.3.1	2 behind	—	BSD-2-Clause AND BSD-3-Clause
importlib-resources pypi	Direct	6.5.2	7.1.0	2 behind	—	Apache-2.0
iniconfig pypi	Direct	2.1.0	2.3.0	2 behind	—	MIT
pathspec pypi	Direct	1.0.4	1.1.1	2 behind	—	MPL-2.0
pycares pypi	Direct	4.11.0	5.0.1	2 behind	—	MIT
pytest-cov pypi	Direct	6.3.0	7.1.0	2 behind	—	MIT
rich pypi	Direct	14.3.3	15.0.0	2 behind	—	MIT
types-colorama pypi	Direct	0.4.15.20250801	0.4.15.20260508	2 behind	—	Apache-2.0
yarl pypi	Direct	1.22.0	1.24.2	2 behind	—	Apache-2.0
zipp pypi	Direct	3.23.0	4.1.0	2 behind	—	MIT
aiohappyeyeballs pypi	Direct	2.6.1	2.6.2	1 behind	—	0BSD AND BSD-3-Clause AND LicenseRef-scancode-unknown-license-reference AND PSF-2.0 AND Python-2.0
aiohttp pypi	Direct	3.13.5	3.14.0	1 behind	—	Apache-2.0 AND MIT
botocore-stubs pypi	Direct	1.42.41	1.43.14	1 behind	—	Unknown
cfgv pypi	Direct	3.4.0	3.5.0	1 behind	—	MIT
distlib pypi	Direct	0.4.0	0.4.1	1 behind	—	PSF-2.0 AND Python-2.0
jsonschema pypi	Direct	4.25.1	4.26.0	1 behind	—	MIT
ms npm	Transitive	2.1.2	2.1.3	1 behind	—	MIT
pause npm	Transitive	0.0.1	0.1.0	1 behind	—	MIT
prettytable pypi	Direct	3.16.0	3.17.0	1 behind	—	BSD-3-Clause
propcache pypi	Direct	0.4.1	0.5.2	1 behind	—	Apache-2.0
referencing pypi	Direct	0.36.2	0.37.0	1 behind	—	MIT
responses pypi	Direct	0.26.0	0.26.1	1 behind	—	Apache-2.0
smmap pypi	Direct	5.0.3	6.0.0	1 behind	—	BSD-3-Clause
soupsieve pypi	Direct	2.8.3	2.8.4	1 behind	—	MIT
tabulate pypi	Direct	0.9.0	0.10.0	1 behind	—	MIT
types-awscrt pypi	Direct	0.31.3	0.33.0	1 behind	—	Unknown
wcwidth pypi	Direct	0.6.0	0.7.0	1 behind	—	MIT AND HPND-Markus-Kuhn

License Breakdown

MIT 105

Unknown 92

Apache-2.0 50

BSD-3-Clause 16

BSD-2-Clause AND BSD-3-Clause 11

Apache-2.0 AND MIT 5

BSD-2-Clause 5

BSD-3-Clause AND LicenseRef-scancode-google-patent-license-golang 3

MPL-2.0 3

BSD-2-Clause AND MIT AND Python-2.0 AND Python-2.0.1 2

BSD-3-Clause AND MIT 2

MIT AND MPL-2.0 2

MIT AND Python-2.0 2

Unlicense 2

0BSD AND BSD-3-Clause AND LicenseRef-scancode-unknown-license-reference AND PSF-2.0 AND Python-2.0 1

Apache-2.0 AND BSD-2-Clause 1

Apache-2.0 AND BSD-3-Clause AND LicenseRef-scancode-unknown-license-reference 1

Apache-2.0 AND GPL-1.0-or-later AND LicenseRef-scancode-other-copyleft AND PSF-2.0 AND Python-2.0 1

Apache-2.0 AND MIT AND MPL-2.0 1

BSD-2-Clause AND BSD-3-Clause AND GPL-1.0-or-later 1

BSD-2-Clause-FreeBSD AND BSD-2-Clause-Views 1

BSD-2-Clause-Views 1

CNRI-Python AND Apache-2.0 1

LicenseRef-scancode-unknown 1

MIT AND HPND-Markus-Kuhn 1

MIT-0 1

PSF-2.0 1

PSF-2.0 AND Python-2.0 1

Python-2.0 AND GPL-1.0-or-later AND Python-2.0 AND BSD-3-Clause AND Python-2.0 AND BSD-3-Clause AND 0BSD 1

CVE Severity

critical 5

high 13

medium 13

low 2

unknown 0