Dependency Analysis
starrocks
Direct and transitive dependency freshness, license, and CVE exposure from the latest SBOM.
61%
Freshness
1804
Dependencies
466
Outdated
0
Stale
10.7
Avg Behind
Dependency List
Latest release 4.1.0
| Dependency | Type | Current | Latest | Behind | CVE | License |
|---|---|---|---|---|---|---|
|
@babel/plugin-transform-modules-systemjs
npm
|
Transitive | 7.29.0 | 7.29.7 | 8 behind | 1 high | MIT |
|
mysql-connector-python
pypi
|
Direct | 9.0.0 | 9.7.0 | 7 behind | 1 high | GPL-3.0-or-later |
|
serialize-javascript
npm
|
Transitive | 6.0.2 | 7.0.5 | 6 behind | 2 high | BSD-3-Clause |
|
fast-uri
npm
|
Transitive | 3.1.0 | 3.1.2 | 2 behind | 2 high | BSD-3-Clause |
|
com.mysql:mysql-connector-j
maven
|
Direct | 8.0.33 | — | — | 1 high | Unknown |
|
io.grpc:grpc-netty-shaded
maven
|
Direct | 1.63.0 | — | — | 1 high | Apache-2.0 |
|
io.netty:netty-transport-native-epoll
maven
|
Direct | 4.1.132 | — | — | 1 high | Unknown |
|
org.apache.kafka:kafka-clients
maven
|
Direct | 3.9.1 | — | — | 2 high | Apache-2.0 AND BSD-3-Clause AND CDDL-1.0 AND EPL-2.0 |
|
org.apache.thrift:libthrift
maven
|
Direct | 0.22.0 | — | — | 1 high | Apache-2.0 |
|
org.assertj:assertj-core
maven
|
Direct | 3.18.1 | — | — | 1 high | Apache-2.0 |
|
postcss
npm
|
Transitive | 8.5.9 | 8.5.15 | 6 behind | 1 medium | MIT |
|
com.fasterxml.jackson.core:jackson-core
maven
|
Direct | 2.15.0 | — | — | 1 medium | Apache-2.0 |
|
com.nimbusds:nimbus-jose-jwt
maven
|
Direct | 9.37.2 | — | — | 1 medium | Apache-2.0 |
|
commons-lang:commons-lang
maven
|
Direct | 2.6 | — | — | 1 medium | Apache-2.0 |
|
org.apache.commons:commons-lang3
maven
|
Direct | 3.3.2 | — | — | 1 medium | Apache-2.0 |
|
org.apache.logging.log4j:log4j-1.2-api
maven
|
Direct | 2.19.0 | — | — | 1 medium | Apache-2.0 |
|
org.apache.logging.log4j:log4j-core
maven
|
Direct | 2.17.1 | — | — | 3 medium | Apache-2.0 |
|
org.apache.logging.log4j:log4j-core
maven
|
Direct | 2.23.1 | — | — | 1 medium | Apache-2.0 |
|
org.apache.logging.log4j:log4j-layout-template-json
maven
|
Direct | 2.19.0 | — | — | 1 medium | Apache-2.0 |
|
commons-configuration:commons-configuration
maven
|
Direct | 1.6 | — | — | 1 low | Apache-2.0 |
License Breakdown
MIT
1025
Unknown
333
Apache-2.0
201
MIT-0
62
ISC
35
BSD-3-Clause
29
Apache-2.0 AND MIT
27
BSD-2-Clause
27
MPL-2.0
12
EPL-2.0
5
Apache-2.0 AND EPL-1.0 AND EPL-2.0
3
GPL-2.0-only WITH Classpath-exception-2.0
3
0BSD
2
Apache-2.0 AND BSD-2-Clause AND MIT
2
Apache-2.0 AND BSD-3-Clause AND MIT
2
BSD-2-Clause AND BSD-3-Clause
2
CC0-1.0
2
CC0-1.0 AND MIT
2
CDDL-1.1 OR GPL-2.0-only WITH Classpath-exception-2.0
2
LicenseRef-scancode-oracle-free-2018
2
LicenseRef-scancode-unicode AND MIT
2
Apache-2.0 AND BSD-2-Clause AND LicenseRef-scancode-public-domain AND MIT
1
Apache-2.0 AND BSD-3-Clause
1
Apache-2.0 AND BSD-3-Clause AND CDDL-1.0 AND EPL-2.0
1
Apache-2.0 AND CC-PDDC
1
Apache-2.0 OR BSD-2-Clause OR MIT OR (Apache-2.0 AND BSD-2-Clause) OR (Apache-2.0 AND MIT) OR (BSD-2-Clause AND MIT)
1
BSD-2-Clause AND BSD-2-Clause-Views
1
BlueOak-1.0.0
1
CC-BY-4.0
1
CC0-1.0 OR MIT OR (CC0-1.0 AND MIT)
1
CDDL-1.0 OR GPL-2.0-only WITH Classpath-exception-2.0
1
EPL-1.0
1
GPL-3.0-or-later
1
LGPL-2.1
1
LGPL-2.1 AND LGPL-2.1-or-later
1
LGPL-2.1+ AND LGPL-2.1-only AND LGPL-2.1-or-later
1
LicenseRef-scancode-generic-cla AND MIT
1
LicenseRef-scancode-jdom
1
LicenseRef-scancode-public-domain
1
LicenseRef-scancode-unknown-license-reference
1
MIT AND WTFPL
1
MIT OR (CC0-1.0 AND MIT)
1
MIT OR WTFPL OR (MIT AND WTFPL)
1
Python-2.0
1
CVE Severity
critical
0
high
10
medium
9
low
1
unknown
0