Tools / doris / Dependencies

Dependency Analysis

doris

Direct and transitive dependency freshness, license, and CVE exposure from the latest SBOM.

Security Export CSV

81% Freshness

1412 Dependencies

181 Outdated

0 Stale

4.5 Avg Behind

Dependency List

Latest release 4.1.0

All 1411 Outdated 247 Has CVE 45 GPL 22

Dependency	Type	Current	Latest	Behind	CVE	License
ch.qos.logback:logback-classic maven	Direct	1.2.10	—	—	1 high	LGPL-2.1
mysql:mysql-connector-java maven	Direct	5.1.26	—	—	7 high	GPL-2.0
com.puppycrawl.tools:checkstyle maven	Direct	8.14	—	—	2 medium	LGPL-2.1+
pycurl pypi	Direct	7.45.2	7.46.0	6 behind	—	GPL-3.0-or-later AND LGPL-2.1-only AND curl
r-efi cargo	Direct	5.3.0	6.0.0	1 behind	—	MIT OR Apache-2.0 OR LGPL-2.1-or-later
com.puppycrawl.tools:checkstyle maven	Direct	9.3	—	—	—	LGPL-2.1+
com.sun.activation:javax.activation maven	Direct	1.2.0	—	—	—	CDDL-1.1 OR GPL-2.0-only WITH Classpath-exception-2.0
github.com/gorhill/cronexpr golang	Direct	0.0.0-20180427100037-88b0669f7d75	—	—	—	Apache-2.0 AND GPL-3.0-only
jakarta.annotation:jakarta.annotation-api maven	Direct	2.1.1	—	—	—	EPL-2.0 OR GPL-2.0-only WITH Classpath-exception-2.0
javax.annotation:javax.annotation-api maven	Direct	1.3.2	—	—	—	CDDL-1.0 OR GPL-2.0-only WITH Classpath-exception-2.0
javax.servlet:javax.servlet-api maven	Direct	3.1.0	—	—	—	CDDL-1.0 OR GPL-2.0-only WITH Classpath-exception-2.0
javax.xml.ws:jaxws-api maven	Direct	2.3.0	—	—	—	CDDL-1.1 OR GPL-2.0-only WITH Classpath-exception-2.0
kernel.org/pub/linux/libs/security/libcap/cap golang	Direct	1.2.57	—	—	—	BSD-3-Clause AND (BSD-3-Clause OR GPL-2.0-or-later) AND GPL-1.0-or-later AND GPL-2.0-only
kernel.org/pub/linux/libs/security/libcap/psx golang	Direct	1.2.57	—	—	—	BSD-3-Clause AND (BSD-3-Clause OR GPL-2.0-or-later) AND GPL-1.0-or-later AND GPL-2.0-only
mysql-connector-repackaged pypi	Direct	0.3.1	0.3.1	Current	—	GPL-2.0 AND GPL-2.0-only
mysql:mysql-connector-java maven	Direct	5.1.41	—	—	—	GPL-2.0
net.java.dev.jna:jna maven	Direct	5.13.0	—	—	—	Apache-2.0 OR LGPL-2.1-or-later
net.java.dev.jna:jna-platform maven	Direct	5.13.0	—	—	—	Apache-2.0 OR LGPL-2.1-or-later
org.javassist:javassist maven	Direct	3.18.2-GA	—	—	—	Apache-2.0 AND LGPL-2.1 AND LGPL-2.1-only AND MPL-1.1
org.mariadb.jdbc:mariadb-java-client maven	Direct	3.0.9	—	—	—	LGPL-2.1
org.sonarsource.scanner.maven:sonar-maven-plugin maven	Direct	3.9.1.2184	—	—	—	LGPL-3.0
r-efi cargo	Direct	6.0.0	6.0.0	Current	—	MIT OR Apache-2.0 OR LGPL-2.1-or-later

License Breakdown

Unknown 424

Apache-2.0 363

MIT OR Apache-2.0 230

MIT 159

BSD-3-Clause 40

Apache-2.0 OR MIT 26

Unicode-3.0 18

Apache-2.0 WITH LLVM-exception OR Apache-2.0 OR MIT 16

BSD-2-Clause 12

Unlicense OR MIT 10

MPL-2.0 9

Apache-2.0 AND MIT 8

BSD-3-Clause AND LicenseRef-scancode-google-patent-license-golang 8

ISC 8

EPL-2.0 6

Apache-2.0 OR ISC OR MIT 4

Apache-2.0 AND BSD-3-Clause AND MIT 3

LicenseRef-scancode-unknown-license-reference 3

Apache-2.0 AND BSD-3-Clause AND CDDL-1.0 AND EPL-2.0 AND LicenseRef-scancode-generic-export-compliance AND LicenseRef-scancode-other-permissive AND LicenseRef-scancode-unknown-license-reference 2

Apache-2.0 OR LGPL-2.1-or-later 2

BSD-2-Clause AND BSD-3-Clause 2

BSD-2-Clause OR Apache-2.0 OR MIT 2

BSD-2-Clause-Views 2

BSD-3-Clause AND (BSD-3-Clause OR GPL-2.0-or-later) AND GPL-1.0-or-later AND GPL-2.0-only 2

BSD-3-Clause AND MIT 2

CDDL-1.0 OR GPL-2.0-only WITH Classpath-exception-2.0 2

CDDL-1.1 OR GPL-2.0-only WITH Classpath-exception-2.0 2

EPL-1.0 2

GPL-2.0 2

LGPL-2.1 2

LGPL-2.1+ 2

MIT OR Apache-2.0 OR LGPL-2.1-or-later 2

MIT OR Apache-2.0 OR Zlib 2

Zlib OR Apache-2.0 OR MIT 2

(MIT OR Apache-2.0) AND Apache-2.0 1

(MIT OR Apache-2.0) AND Unicode-3.0 1

0BSD 1

0BSD AND Apache-2.0 AND BSD-2-Clause AND MIT 1

Apache-2.0 AND BSD-3-Clause 1

Apache-2.0 AND BSD-3-Clause AND CDDL-1.0 1

Apache-2.0 AND BSD-3-Clause AND CDDL-1.0 AND EPL-2.0 1

Apache-2.0 AND BSD-3-Clause AND LicenseRef-scancode-protobuf AND LicenseRef-scancode-unknown-license-reference AND MIT 1

Apache-2.0 AND BSD-3-Clause AND LicenseRef-scancode-unknown-license-reference AND UPL-1.0 1

Apache-2.0 AND CC-BY-SA-4.0 1

Apache-2.0 AND CC-PDDC 1

Apache-2.0 AND EPL-1.0 AND EPL-2.0 1

Apache-2.0 AND GPL-3.0-only 1

Apache-2.0 AND ISC 1

Apache-2.0 AND LGPL-2.1 AND LGPL-2.1-only AND MPL-1.1 1

Apache-2.0 OR BSL-1.0 1

Apache-2.0 OR MIT OR MPL-2.0 1

CC0-1.0 1

CC0-1.0 OR MIT-0 OR Apache-2.0 1

CPL-1.0 1

EPL-2.0 OR BSD-3-Clause 1

EPL-2.0 OR GPL-2.0-only WITH Classpath-exception-2.0 1

GPL-2.0 AND GPL-2.0-only 1

GPL-3.0-or-later AND LGPL-2.1-only AND curl 1

ISC AND (Apache-2.0 OR ISC) 1

ISC AND (Apache-2.0 OR ISC) AND Apache-2.0 AND MIT AND BSD-3-Clause AND (Apache-2.0 OR ISC OR MIT) AND (Apache-2.0 OR ISC OR MIT-0) 1

LGPL-3.0 1

LicenseRef-scancode-elastic-license-2018 1

LicenseRef-scancode-unicode AND LicenseRef-scancode-unknown-license-reference AND Unicode-3.0 1

MIT OR BSD-3-Clause 1

Zlib 1

zlib-acknowledgement OR MIT 1

CVE Severity

critical 4

high 19

medium 13

low 6

unknown 3