Skip to content
Tools / kinto / Dependencies

Dependency Analysis

kinto

Direct and transitive dependency freshness, license, and CVE exposure from the latest SBOM.

Security Export CSV
76% Freshness
237 Dependencies
46 Outdated
0 Stale
2.1 Avg Behind

Dependency List

Latest release 26.1.0

All 238 Outdated 63 Has CVE 13 GPL 7
Dependency Type Current Latest Behind CVE License
h11
pypi
 Direct 0.14.0 0.16.0 2 behind 1 critical MIT
werkzeug
pypi
 Direct 3.0.1 3.1.8 15 behind 6 high BSD-2-Clause AND BSD-3-Clause
pytest
pypi
 Direct 7.4.4 9.0.3 24 behind 1 medium MIT
requests
pypi
 Direct 2.31.0 2.34.2 12 behind 3 medium Apache-2.0
pip
pypi
 Transitive 26.0.1 26.1.2 3 behind 2 medium MIT
sqlalchemy
pypi
 Direct 2.0.25 2.0.50 31 behind MIT
google-auth
pypi
 Transitive 2.48.0 3.0.0.dev0 21 behind Apache-2.0
sentry-sdk
pypi
 Direct 2.53.0 2.61.1 16 behind Unknown
beautifulsoup4
pypi
 Direct 4.12.3 4.14.3 12 behind MIT
trio
pypi
 Direct 0.24.0 0.33.0 12 behind Apache-2.0 OR (Apache-2.0 AND MIT)
ty
pypi
 Direct 0.0.33 0.0.43 10 behind Unknown
protobuf
pypi
 Transitive 6.33.5 7.35.0 9 behind BSD-3-Clause AND LicenseRef-scancode-protobuf
pytest-cov
pypi
 Direct 4.1.0 7.1.0 9 behind MIT
attrs
pypi
 Direct 23.2.0 26.1.0 8 behind MIT
charset-normalizer
pypi
 Direct 3.3.2 3.4.7 8 behind LGPL-2.1-only AND MIT AND MPL-1.1
jsonschema
pypi
 Direct 4.21.1 4.26.0 7 behind MIT
simplejson
pypi
 Direct 3.19.2 4.1.1 6 behind MIT AND AFL-3.0
tomli
pypi
 Direct 2.0.1 2.4.1 6 behind MIT
greenlet
pypi
 Transitive 3.3.1 3.5.1 5 behind MIT AND PSF-2.0
click
pypi
 Transitive 8.3.1 8.4.1 4 behind BSD-3-Clause
google-api-core
pypi
 Transitive 2.30.0 2.31.0 4 behind Apache-2.0
google-resumable-media
pypi
 Transitive 2.8.0 2.10.0 4 behind Apache-2.0
googleapis-common-protos
pypi
 Transitive 1.72.0 1.75.0 4 behind Apache-2.0
more-itertools
pypi
 Transitive 10.8.0 11.1.0 4 behind MIT
requests
pypi
 Direct 2.33.1 2.34.2 4 behind Apache-2.0
certifi
pypi
 Transitive 2026.1.4 2026.5.20 3 behind MPL-2.0
charset-normalizer
pypi
 Transitive 3.4.4 3.4.7 3 behind MIT
coverage
pypi
 Transitive 7.13.4 7.14.1 3 behind Apache-2.0
google-cloud-storage
pypi
 Transitive 3.9.0 3.11.0 3 behind Apache-2.0
iniconfig
pypi
 Direct 2.0.0 2.3.0 3 behind MIT
jsonschema-specifications
pypi
 Direct 2023.12.1 2025.9.1 3 behind MIT
pluggy
pypi
 Direct 1.3.0 1.6.0 3 behind MIT
pyyaml
pypi
 Direct 6.0.1 6.0.3 3 behind MIT
redis
pypi
 Direct 7.4.0 8.0.0 3 behind Unknown
rich
pypi
 Transitive 14.3.2 15.0.0 3 behind MIT
ruff
pypi
 Direct 0.15.12 0.15.15 3 behind MIT
setuptools
pypi
 Direct 81.0.0 82.0.1 3 behind MIT
simplejson
pypi
 Transitive 3.20.2 4.1.1 3 behind (AFL-2.1 AND MIT AND Python-2.0) OR (AFL-2.1 AND MIT)
trio-websocket
pypi
 Direct 0.11.1 0.12.2 3 behind MIT
wsproto
pypi
 Direct 1.2.0 1.3.2 3 behind MIT
cryptography
pypi
 Transitive 46.0.7 48.0.0 2 behind BSD-3-Clause OR Apache-2.0
docutils
pypi
 Direct 0.22.4 0.23.0 2 behind BSD-2-Clause AND BSD-3-Clause AND CC-PDDC AND GPL-1.0-or-later AND GPL-3.0-only AND GPL-3.0-or-later AND LicenseRef-scancode-free-unknown AND LicenseRef-scancode-other-copyleft AND LicenseRef-scancode-public-domain
google-cloud-core
pypi
 Transitive 2.5.0 2.6.0 2 behind Apache-2.0
importlib-metadata
pypi
 Transitive 8.7.1 9.0.0 2 behind Apache-2.0
importlib-resources
pypi
 Transitive 6.5.2 7.1.0 2 behind Apache-2.0
jaraco-context
pypi
 Transitive 6.1.0 6.1.2 2 behind Unknown
jsonpointer
pypi
 Transitive 3.0.0 3.1.1 2 behind BSD-3-Clause
markdown-it-py
pypi
 Transitive 4.0.0 4.2.0 2 behind MIT
nh3
pypi
 Transitive 0.3.3 0.3.5 2 behind MIT
proto-plus
pypi
 Transitive 1.27.1 1.28.0 2 behind Apache-2.0
pyproject-hooks
pypi
 Direct 1.0.0 1.2.0 2 behind MIT
python-dateutil
pypi
 Direct 2.8.2 2.9.0.post0 2 behind Apache-2.0
sqlalchemy
pypi
 Direct 2.0.49 2.0.50 2 behind MIT
zipp
pypi
 Transitive 3.23.0 4.1.0 2 behind MIT
arrow
pypi
 Direct 1.3.0 1.4.0 1 behind Apache-2.0
attrs
pypi
 Transitive 25.4.0 26.1.0 1 behind MIT
jaraco-functools
pypi
 Transitive 4.4.0 4.5.0 1 behind Unknown
playwright
pypi
 Direct 1.59.0 1.60.0 1 behind Unknown
rpds-py
pypi
 Transitive 0.30.0 2026.5.1 1 behind MIT
six
pypi
 Direct 1.16.0 1.17.0 1 behind MIT
soupsieve
pypi
 Transitive 2.8.3 2.8.4 1 behind MIT
tomli
pypi
 Transitive 2.4.0 2.4.1 1 behind MIT
urllib3
pypi
 Transitive 2.6.3 2.7.0 1 behind MIT

License Breakdown

MIT 76
Unknown 48
Apache-2.0 42
BSD-3-Clause 15
BSD-2-Clause AND BSD-3-Clause 9
MPL-2.0 6
ZPL-2.1 4
Apache-2.0 AND BSD-2-Clause 3
BSD-2-Clause 3
Apache-2.0 OR (Apache-2.0 AND MIT) 2
BSD-3-Clause-Modification 2
MIT AND OFL-1.1 2
(AFL-2.1 AND MIT AND Python-2.0) OR (AFL-2.1 AND MIT) 1
AGPL-3.0-or-later AND MPL-2.0 1
Apache-2.0 AND BSD-3-Clause AND LicenseRef-scancode-unknown-license-reference 1
Apache-2.0 AND GPL-1.0-or-later AND MIT 1
BSD-2-Clause AND BSD-3-Clause AND CC-PDDC AND GPL-1.0-or-later AND GPL-3.0-only AND GPL-3.0-or-later AND LicenseRef-scancode-free-unknown AND LicenseRef-scancode-other-copyleft AND LicenseRef-scancode-public-domain 1
BSD-2-Clause AND BSD-3-Clause AND MIT 1
BSD-2-Clause AND BSD-3-Clause-Modification 1
BSD-2-Clause AND MIT 1
BSD-3-Clause AND LicenseRef-scancode-protobuf 1
BSD-3-Clause OR Apache-2.0 1
ISC 1
LGPL-2.0-or-later AND LGPL-3.0-or-later 1
LGPL-2.1-only AND MIT AND MPL-1.1 1
LGPL-3.0-or-later WITH openvpn-openssl-exception 1
MIT AND AFL-3.0 1
MIT AND MPL-2.0 1
MIT AND PSF-2.0 1
MIT AND Python-2.0 1
MIT AND ZPL-2.1 1
MIT-0 1
PSF-2.0 1
Python-2.0 1
Python-2.0 AND GPL-1.0-or-later AND Python-2.0 AND BSD-3-Clause AND Python-2.0 AND BSD-3-Clause AND 0BSD 1
Python-2.0 AND Python-2.0 AND BSD-3-Clause AND Python-2.0.1 1
Python-2.0.1 1
ZPL-2.0 1

CVE Severity

critical 2
high 4
medium 6
low 1
unknown 0

Beta — feedback welcome: [email protected]