Dependency Analysis
riven
Direct and transitive dependency freshness, license, and CVE exposure from the latest SBOM.
62%
Freshness
167
Dependencies
47
Outdated
0
Stale
4.7
Avg Behind
Dependency List
Latest release v0.23.6
| Dependency | Type | Current | Latest | Behind | CVE | License |
|---|---|---|---|---|---|---|
|
starlette
pypi
|
Direct | 0.37.2 | 1.2.1 | 44 behind | 2 high | BSD-2-Clause AND BSD-3-Clause |
|
python-multipart
pypi
|
Direct | 0.0.21 | 0.0.30 | 9 behind | 3 high | Apache-2.0 |
|
black
pypi
|
Direct | 25.11.0 | 26.5.1 | 7 behind | 1 high | MIT |
|
lxml
pypi
|
Direct | 5.4.0 | 6.1.1 | 7 behind | 1 high | BSD-3-Clause AND GPL-1.0-or-later |
|
orjson
pypi
|
Direct | 3.11.4 | 3.11.9 | 5 behind | 1 high | Apache-2.0 AND MIT |
|
urllib3
pypi
|
Direct | 2.5.0 | 2.7.0 | 5 behind | 3 high | MIT |
|
mako
pypi
|
Direct | 1.3.10 | 1.3.12 | 2 behind | 2 high | MIT |
|
filelock
pypi
|
Direct | 3.20.0 | 3.29.1 | 19 behind | 2 medium | Unlicense |
|
virtualenv
pypi
|
Direct | 20.35.4 | 21.4.2 | 19 behind | 1 medium | MIT |
|
requests
pypi
|
Direct | 2.32.5 | 2.34.2 | 6 behind | 1 medium | Apache-2.0 |
|
pytest
pypi
|
Direct | 8.4.2 | 9.0.3 | 4 behind | 1 medium | MIT |
|
python-dotenv
pypi
|
Direct | 1.2.1 | 1.2.2 | 1 behind | 1 medium | BSD-3-Clause |
|
pygments
pypi
|
Direct | 2.19.2 | 2.20.0 | 1 behind | 1 low | BSD-2-Clause |
|
fastapi
pypi
|
Direct | 0.110.3 | 0.136.3 | 96 behind | — | MIT |
|
ruff
pypi
|
Direct | 0.13.3 | 0.15.15 | 31 behind | — | MIT |
|
opentelemetry-api
pypi
|
Direct | 1.25.0 | 1.42.1 | 26 behind | — | Apache-2.0 |
|
opentelemetry-sdk
pypi
|
Direct | 1.25.0 | 1.42.1 | 26 behind | — | Apache-2.0 |
|
uvicorn
pypi
|
Direct | 0.30.6 | 0.49.0 | 25 behind | — | BSD-2-Clause AND BSD-3-Clause |
|
wrapt
pypi
|
Direct | 2.0.1 | 2.2.1 | 24 behind | — | BSD-2-Clause AND BSD-3-Clause AND MIT AND Python-2.0 AND Ruby |
|
cachetools
pypi
|
Direct | 5.5.2 | 7.1.4 | 21 behind | — | MIT |
|
importlib-metadata
pypi
|
Direct | 7.1.0 | 9.0.0 | 14 behind | — | Apache-2.0 |
|
chardet
pypi
|
Direct | 5.2.0 | 7.4.3 | 13 behind | — | LGPL-2.1-or-later |
|
coverage
pypi
|
Direct | 7.11.3 | 7.14.1 | 11 behind | — | Apache-2.0 |
|
platformdirs
pypi
|
Direct | 4.5.0 | 4.10.0 | 11 behind | — | MIT |
|
pydantic
pypi
|
Direct | 2.12.4 | 2.13.4 | 11 behind | — | MIT |
|
prometheus-client
pypi
|
Direct | 0.20.0 | 0.25.0 | 9 behind | — | Apache-2.0 AND BSD-2-Clause |
|
pydantic-core
pypi
|
Direct | 2.41.5 | 2.47.0 | 9 behind | — | MIT |
|
sqlalchemy
pypi
|
Direct | 2.0.44 | 2.0.50 | 8 behind | — | MIT |
|
greenlet
pypi
|
Direct | 3.2.4 | 3.5.1 | 7 behind | — | MIT AND PSF-2.0 AND Python-2.0 |
|
mypy
pypi
|
Direct | 1.18.2 | 2.1.0 | 7 behind | — | MIT AND Python-2.0 AND Python-2.0.1 |
|
pathspec
pypi
|
Direct | 0.12.1 | 1.1.1 | 7 behind | — | MPL-2.0 |
|
regex
pypi
|
Direct | 2025.11.3 | 2026.5.9 | 7 behind | — | CNRI-Python AND Apache-2.0 |
|
alembic
pypi
|
Direct | 1.17.1 | 1.18.4 | 6 behind | — | MIT |
|
isort
pypi
|
Direct | 5.13.2 | 8.0.1 | 6 behind | — | MIT |
|
responses
pypi
|
Direct | 0.25.3 | 0.26.1 | 6 behind | — | Apache-2.0 |
|
certifi
pypi
|
Direct | 2025.10.5 | 2026.5.20 | 5 behind | — | MPL-2.0 |
|
click
pypi
|
Direct | 8.3.0 | 8.4.1 | 5 behind | — | BSD-3-Clause |
|
requests-cache
pypi
|
Direct | 1.2.1 | 1.3.2 | 5 behind | — | BSD-2-Clause |
|
identify
pypi
|
Direct | 2.6.15 | 2.6.19 | 4 behind | — | MIT |
|
types-html5lib
pypi
|
Direct | 1.1.11.20251117 | 1.1.11.20260518 | 4 behind | — | Apache-2.0 AND MIT |
|
anyio
pypi
|
Direct | 4.11.0 | 4.13.0 | 3 behind | — | MIT |
|
charset-normalizer
pypi
|
Direct | 3.4.4 | 3.4.7 | 3 behind | — | MIT |
|
httpx
pypi
|
Direct | 0.28.1 | 1.0.0.dev3 | 3 behind | — | BSD-3-Clause |
|
pre-commit
pypi
|
Direct | 4.4.0 | 4.6.0 | 3 behind | — | MIT |
|
psutil
pypi
|
Direct | 7.1.3 | 7.2.2 | 3 behind | — | BSD-3-Clause |
|
pyright
pypi
|
Direct | 1.1.407 | 1.1.410 | 3 behind | — | MIT |
|
rpds-py
pypi
|
Direct | 0.28.0 | 2026.5.1 | 3 behind | — | MIT |
|
decorator
pypi
|
Direct | 5.2.1 | 5.3.1 | 2 behind | — | BSD-2-Clause AND BSD-3-Clause |
|
dill
pypi
|
Direct | 0.3.9 | 0.4.1 | 2 behind | — | BSD-2-Clause AND BSD-3-Clause |
|
pytokens
pypi
|
Direct | 0.3.0 | 0.4.1 | 2 behind | — | MIT |
|
tomlkit
pypi
|
Direct | 0.13.3 | 0.15.0 | 2 behind | — | MIT |
|
zipp
pypi
|
Direct | 3.23.0 | 4.1.0 | 2 behind | — | MIT |
|
attrs
pypi
|
Direct | 25.4.0 | 26.1.0 | 1 behind | — | MIT |
|
babel
pypi
|
Direct | 2.17.0 | 2.18.0 | 1 behind | — | BSD-3-Clause |
|
beautifulsoup4
pypi
|
Direct | 4.14.2 | 4.14.3 | 1 behind | — | MIT |
|
cfgv
pypi
|
Direct | 3.4.0 | 3.5.0 | 1 behind | — | MIT |
|
cssselect
pypi
|
Direct | 1.3.0 | 1.4.0 | 1 behind | — | BSD-2-Clause AND BSD-3-Clause |
|
distlib
pypi
|
Direct | 0.4.0 | 0.4.1 | 1 behind | — | PSF-2.0 AND Python-2.0 |
|
httptools
pypi
|
Direct | 0.7.1 | 0.8.0 | 1 behind | — | MIT |
|
jsonschema
pypi
|
Direct | 4.25.1 | 4.26.0 | 1 behind | — | MIT |
|
nodeenv
pypi
|
Direct | 1.9.1 | 1.10.0 | 1 behind | — | BSD-2-Clause AND BSD-3-Clause |
|
psycopg2-binary
pypi
|
Direct | 2.9.11 | 2.9.12 | 1 behind | — | LGPL-2.0-or-later AND LGPL-3.0-or-later |
|
rapidfuzz
pypi
|
Direct | 3.14.3 | 3.14.5 | 1 behind | — | MIT |
|
trio
pypi
|
Direct | 0.32.0 | 0.33.0 | 1 behind | — | Apache-2.0 AND MIT |
|
types-webencodings
pypi
|
Direct | 0.5.0.20251108 | 0.5.0.20260408 | 1 behind | — | Apache-2.0 AND MIT |
|
url-normalize
pypi
|
Direct | 2.2.1 | 3.0.0 | 1 behind | — | MIT |
|
watchfiles
pypi
|
Direct | 1.1.1 | 1.2.0 | 1 behind | — | MIT |
|
websockets
pypi
|
Direct | 15.0.1 | 16.0.0 | 1 behind | — | BSD-3-Clause |
|
actions/checkout
githubactions
|
Direct | 4.*.* | — | — | — | Unknown |
|
actions/checkout
githubactions
|
Direct | 5.*.* | — | — | — | Unknown |
|
actions/checkout
githubactions
|
Direct | 3.*.* | — | — | — | Unknown |
|
actions/checkout
githubactions
|
Direct | 4.1.2 | — | — | — | Unknown |
|
actions/setup-python
githubactions
|
Direct | 6.*.* | — | — | — | Unknown |
|
annotated-types
pypi
|
Direct | 0.7.0 | 0.7.0 | Current | — | MIT |
|
apprise
pypi
|
Direct | 1.9.5 | — | — | — | BSD-2-Clause |
|
apscheduler
pypi
|
Direct | 3.11.1 | — | — | — | MIT |
|
arrow
pypi
|
Direct | 1.4.0 | 1.4.0 | Current | — | Apache-2.0 |
|
astral-sh/setup-uv
githubactions
|
Direct | 6.*.* | — | — | — | Unknown |
|
async-generator
pypi
|
Direct | 1.10 | 1.10.0 | — | — | (Apache-2.0 AND BSD-3-Clause) OR (Apache-2.0 AND MIT) |
|
babelfish
pypi
|
Direct | 0.6.1 | — | — | — | BSD-2-Clause AND BSD-3-Clause |
|
bencodepy
pypi
|
Direct | 0.9.5 | — | — | — | GPL-2.0-only |
|
cattrs
pypi
|
Direct | 25.3.0 | — | — | — | MIT |
|
cffi
pypi
|
Direct | 2.0.0 | 2.0.0 | Current | — | MIT-0 |
|
click-option-group
pypi
|
Direct | 0.5.9 | 0.5.9 | Current | — | BSD-2-Clause AND BSD-3-Clause |
|
codecov
pypi
|
Direct | 2.1.13 | 2.1.13 | Current | — | Apache-2.0 |
|
colorama
pypi
|
Direct | 0.4.6 | 0.4.6 | Current | — | BSD-2-Clause AND BSD-3-Clause |
|
defusedxml
pypi
|
Direct | 0.7.1 | 0.7.1 | Current | — | PSF-2.0 |
|
deprecated
pypi
|
Direct | 1.3.1 | 1.3.1 | Current | — | MIT |
|
docker
pypi
|
Direct | 7.1.0 | 7.1.0 | Current | — | Apache-2.0 |
|
docker/build-push-action
githubactions
|
Direct | 5.*.* | — | — | — | Unknown |
|
docker/login-action
githubactions
|
Direct | 3.1.0 | — | — | — | Unknown |
|
docker/metadata-action
githubactions
|
Direct | 5.*.* | — | — | — | Unknown |
|
docker/setup-buildx-action
githubactions
|
Direct | 3.2.0 | — | — | — | Unknown |
|
docker/setup-qemu-action
githubactions
|
Direct | 3.*.* | — | — | — | Unknown |
|
dogpile-cache
pypi
|
Direct | 1.5.0 | — | — | — | Unknown |
|
enzyme
pypi
|
Direct | 0.5.2 | — | — | — | MIT |
|
googleapis/release-please-action
githubactions
|
Direct | 4.*.* | — | — | — | Unknown |
|
guessit
pypi
|
Direct | 3.8.0 | — | — | — | GPL-3.0-or-later AND LGPL-3.0 AND LGPL-3.0-only |
|
h11
pypi
|
Direct | 0.16.0 | 0.16.0 | Current | — | MIT |
|
h2
pypi
|
Direct | 4.3.0 | 4.3.0 | Current | — | MIT |
|
hpack
pypi
|
Direct | 4.1.0 | 4.1.0 | Current | — | MIT |
|
httpcore
pypi
|
Direct | 1.0.9 | 1.0.9 | Current | — | BSD-2-Clause AND BSD-3-Clause |
|
hyperframe
pypi
|
Direct | 6.1.0 | 6.1.0 | Current | — | MIT |
|
idna
pypi
|
Direct | 3.11 | 3.18.0 | — | — | BSD-3-Clause |
|
iniconfig
pypi
|
Direct | 2.3.0 | 2.3.0 | Current | — | MIT |
|
jakebailey/pyright-action
githubactions
|
Direct | 1.*.* | — | — | — | Unknown |
|
jdk4py
pypi
|
Direct | 21.0.8.0 | — | — | — | Unknown |
|
jsonschema-specifications
pypi
|
Direct | 2025.9.1 | 2025.9.1 | Current | — | MIT |
|
kink
pypi
|
Direct | 0.8.1 | — | — | — | MIT |
|
knowit
pypi
|
Direct | 0.5.11 | — | — | — | Unknown |
|
lazy-imports
pypi
|
Direct | 1.1.0 | — | — | — | Apache-2.0 |
|
levenshtein
pypi
|
Direct | 0.27.3 | — | — | — | GPL-2.0-or-later |
|
loguru
pypi
|
Direct | 0.7.3 | 0.7.3 | Current | — | MIT |
|
markdown
pypi
|
Direct | 3.10 | 3.10.2 | — | — | BSD-3-Clause |
|
markupsafe
pypi
|
Direct | 3.0.3 | 3.0.3 | Current | — | BSD-3-Clause |
|
mypy-extensions
pypi
|
Direct | 1.1.0 | 1.1.0 | Current | — | MIT |
|
oauthlib
pypi
|
Direct | 3.3.1 | 3.3.1 | Current | — | BSD-3-Clause |
|
openapi-generator-cli
pypi
|
Direct | 7.17.0 | — | — | — | Unknown |
|
opentelemetry-exporter-prometheus
pypi
|
Direct | 0.46b0 | — | — | — | Apache-2.0 |
|
opentelemetry-semantic-conventions
pypi
|
Direct | 0.46b0 | 0.63.0b1 | — | — | Apache-2.0 |
|
ordered-set
pypi
|
Direct | 4.1.0 | 4.1.0 | Current | — | MIT |
|
outcome
pypi
|
Direct | 1.3.0.post0 | 1.3.0.post0 | Current | — | Apache-2.0 OR (Apache-2.0 AND MIT) |
|
packaging
pypi
|
Direct | 25.0 | 26.2.0 | — | — | Apache-2.0 AND BSD-2-Clause |
|
parsett
pypi
|
Direct | 1.8.2 | — | — | — | Unknown |
|
plexapi
pypi
|
Direct | 4.17.1 | — | — | — | BSD-3-Clause |
|
pluggy
pypi
|
Direct | 1.6.0 | 1.6.0 | Current | — | MIT |
|
pycparser
pypi
|
Direct | 2.23 | 3.0.0 | — | — | BSD-3-Clause |
|
pyfakefs
pypi
|
Direct | 5.10.2 | — | — | — | Apache-2.0 |
|
pyfuse3
pypi
|
Direct | 3.4.0 | — | — | — | LGPL-2.0-only AND LGPL-2.0-or-later AND LGPL-2.1-or-later AND LGPL-3.0-or-later |
|
pymediainfo
pypi
|
Direct | 7.0.1 | — | — | — | MIT |
|
pyperf
pypi
|
Direct | 2.9.0 | — | — | — | MIT |
|
pyrate-limiter
pypi
|
Direct | 2.10.0 | — | — | — | MIT |
|
pysocks
pypi
|
Direct | 1.7.1 | 1.7.1 | Current | — | BSD-3-Clause |
|
pysubs2
pypi
|
Direct | 1.8.0 | — | — | — | MIT |
|
pytest-mock
pypi
|
Direct | 3.15.1 | 3.15.1 | Current | — | MIT |
|
python-dateutil
pypi
|
Direct | 2.9.0.post0 | 2.9.0.post0 | Current | — | Apache-2.0 AND BSD-3-Clause AND LicenseRef-scancode-unknown-license-reference |
|
pywin32
pypi
|
Direct | 311 | 311.0.0 | — | — | PSF-2.0 |
|
pyyaml
pypi
|
Direct | 6.0.3 | 6.0.3 | Current | — | MIT |
|
rank-torrent-name
pypi
|
Direct | 1.9.3 | — | — | — | MIT |
|
rebulk
pypi
|
Direct | 3.2.0 | — | — | — | MIT |
|
referencing
pypi
|
Direct | 0.37.0 | 0.37.0 | Current | — | MIT |
|
requests-mock
pypi
|
Direct | 1.12.1 | 1.12.1 | Current | — | Apache-2.0 |
|
requests-oauthlib
pypi
|
Direct | 2.0.0 | 2.0.0 | Current | — | ISC |
|
requests-ratelimiter
pypi
|
Direct | 0.7.0 | — | — | — | MIT |
|
scalar-fastapi
pypi
|
Direct | 1.4.3 | — | — | — | MIT |
|
SethCohen/github-releases-to-discord
githubactions
|
Direct | 1.13.1 | — | — | — | Unknown |
|
six
pypi
|
Direct | 1.17.0 | 1.17.0 | Current | — | MIT |
|
sniffio
pypi
|
Direct | 1.3.1 | 1.3.1 | Current | — | Apache-2.0 AND MIT |
|
socksio
pypi
|
Direct | 1.0.0 | 1.0.0 | Current | — | MIT |
|
sortedcontainers
pypi
|
Direct | 2.4.0 | 2.4.0 | Current | — | Apache-2.0 |
|
soupsieve
pypi
|
Direct | 2.8 | 2.8.4 | — | — | MIT |
|
sqla-wrapper
pypi
|
Direct | 6.0.0 | — | — | — | MIT |
|
srt
pypi
|
Direct | 3.5.3 | — | — | — | MIT |
|
stevedore
pypi
|
Direct | 5.5.0 | — | — | — | Apache-2.0 |
|
subliminal
pypi
|
Direct | 2.4.0 | — | — | — | MIT |
|
testcontainers
pypi
|
Direct | 4.13.2 | — | — | — | Apache-2.0 |
|
trakit
pypi
|
Direct | 0.2.5 | — | — | — | Unknown |
|
trio-util
pypi
|
Direct | 0.8.0 | — | — | — | Unknown |
|
types-lxml
pypi
|
Direct | 2025.8.25 | — | — | — | Apache-2.0 AND MIT |
|
typing-extensions
pypi
|
Direct | 4.15.0 | 4.15.0 | Current | — | Python-2.0 AND GPL-1.0-or-later AND Python-2.0 AND BSD-3-Clause AND Python-2.0 AND BSD-3-Clause AND 0BSD |
|
typing-inspection
pypi
|
Direct | 0.4.2 | 0.4.2 | Current | — | MIT |
|
tzdata
pypi
|
Direct | 2025.2 | 2026.2.0 | — | — | Apache-2.0 |
|
tzlocal
pypi
|
Direct | 5.3.1 | 5.3.1 | Current | — | MIT |
|
uvloop
pypi
|
Direct | 0.22.1 | 0.22.1 | Current | — | Apache-2.0 AND MIT |
|
webiny/action-conventional-commits
githubactions
|
Direct | 1.3.0 | — | — | — | Unknown |
|
win32-setctime
pypi
|
Direct | 1.2.0 | 1.2.0 | Current | — | MIT |
License Breakdown
MIT
67
Unknown
22
Apache-2.0
19
BSD-3-Clause
13
BSD-2-Clause AND BSD-3-Clause
10
Apache-2.0 AND MIT
7
BSD-2-Clause
3
Apache-2.0 AND BSD-2-Clause
2
MPL-2.0
2
PSF-2.0
2
(Apache-2.0 AND BSD-3-Clause) OR (Apache-2.0 AND MIT)
1
Apache-2.0 AND BSD-3-Clause AND LicenseRef-scancode-unknown-license-reference
1
Apache-2.0 OR (Apache-2.0 AND MIT)
1
BSD-2-Clause AND BSD-3-Clause AND MIT AND Python-2.0 AND Ruby
1
BSD-3-Clause AND GPL-1.0-or-later
1
CNRI-Python AND Apache-2.0
1
GPL-2.0-only
1
GPL-2.0-or-later
1
GPL-3.0-or-later AND LGPL-3.0 AND LGPL-3.0-only
1
ISC
1
LGPL-2.0-only AND LGPL-2.0-or-later AND LGPL-2.1-or-later AND LGPL-3.0-or-later
1
LGPL-2.0-or-later AND LGPL-3.0-or-later
1
LGPL-2.1-or-later
1
MIT AND PSF-2.0 AND Python-2.0
1
MIT AND Python-2.0 AND Python-2.0.1
1
MIT-0
1
PSF-2.0 AND Python-2.0
1
Python-2.0 AND GPL-1.0-or-later AND Python-2.0 AND BSD-3-Clause AND Python-2.0 AND BSD-3-Clause AND 0BSD
1
Unlicense
1
CVE Severity
critical
0
high
7
medium
5
low
1
unknown
0