GitHub repository

openai/chatkit-python

https://github.com/openai/chatkit-python (main)

Export SBOM

Import Notes 2 notes from dependency parsing

Scanned 2 dependency files in this repository.

Included 5 Python dependencies without an exact installed version; OSV matching requires a lockfile or exact pin.

10 Runtime Findings Confirmed in root/runtime dependency evidence

0 Non-Runtime Findings 0 critical/high packages in workspace, vendored, eval, test, docs, or unclear sources

5 Unverified Versions Inventoried, not counted as vulnerable

73 Clear Versions No OSV advisories for these exact package versions

Scan Diagnostics 10 affected versions · 15 advisories · 88 total package versions Show detailsHide details

88 Total Package Versions 10 confirmed affected, 5 unverified

4 Deepest Vulnerability Path dependency levels from the repository root

10 Runtime Candidate Findings 0 confirmed in non-runtime or unclear sources

7 Transitive Affected Packages 3 direct confirmed affected packages

3 Direct Affected Packages Closest fixes to prioritize first if exposure is runtime

4 Critical / High Packages 0 critical · 4 high across all exposure classes

Scanned Dependency Files 2 files · 64 transitive dependencies Show detailsHide details

The repository is the root. These files are the evidence sources used to build the aggregate dependency view.

uv.lock 83 components · 19 direct · 10 vulnerable

pyproject.toml 5 components · 5 direct · 0 vulnerable

Vulnerability Monitor

10 confirmed affected package versions · 15 unique advisories · 3 confirmed affected direct dependencies · 5 unverified package versions

CRITICAL 0 HIGH 4 MEDIUM 4 LOW 2 UNKNOWN 0

Confirmed findings require package ecosystem, package name, and exact installed version. Exposure labels separate advisory severity from where the dependency evidence came from, such as runtime, workspace, test, docs, or vendored eval files.

High 4 packages · 7 advisories Packages whose highest matched advisory is high.

python-multipart 0.0.20 · PyPI · direct Runtime Candidate uv.lock direct dependency

2 graphs available for this package version Shown at confirmed high advisory severity with runtime candidate exposure evidence. Choose a graph to inspect the specific advisory and path.

HIGH Runtime Candidate 2 advisories

mcp 1.16.0 · PyPI · transitive Runtime Candidate uv.lock transitive 2 levels deep

1 graph available for this package version Shown at confirmed high advisory severity with runtime candidate exposure evidence. Choose a graph to inspect the specific advisory and path.

HIGH Runtime Candidate 1 advisory

starlette 0.48.0 · PyPI · transitive Runtime Candidate uv.lock transitive 2 levels deep

1 graph available for this package version Shown at confirmed high advisory severity with runtime candidate exposure evidence. Choose a graph to inspect the specific advisory and path.

HIGH Runtime Candidate 1 advisory

urllib3 2.5.0 · PyPI · transitive Runtime Candidate uv.lock transitive 3 levels deep

3 graphs available for this package version Shown at confirmed high advisory severity with runtime candidate exposure evidence. Choose a graph to inspect the specific advisory and path.

HIGH Runtime Candidate 3 advisories

Medium 4 packages · 6 advisories Packages whose highest matched advisory is medium.

pytest 8.4.2 · PyPI · direct Runtime Candidate uv.lock direct dependency

1 graph available for this package version Shown at confirmed medium advisory severity with runtime candidate exposure evidence. Choose a graph to inspect the specific advisory and path.

MEDIUM Runtime Candidate 1 advisory

python-dotenv 1.1.1 · PyPI · transitive Runtime Candidate uv.lock transitive 4 levels deep

1 graph available for this package version Shown at confirmed medium advisory severity with runtime candidate exposure evidence. Choose a graph to inspect the specific advisory and path.

MEDIUM Runtime Candidate 1 advisory

requests 2.32.5 · PyPI · transitive Runtime Candidate uv.lock transitive 2 levels deep

1 graph available for this package version Shown at confirmed medium advisory severity with runtime candidate exposure evidence. Choose a graph to inspect the specific advisory and path.

MEDIUM Runtime Candidate 1 advisory

werkzeug 3.1.3 · PyPI · transitive Runtime Candidate uv.lock transitive 2 levels deep

3 graphs available for this package version Shown at confirmed medium advisory severity with runtime candidate exposure evidence. Choose a graph to inspect the specific advisory and path.

MEDIUM Runtime Candidate 3 advisories

Low and Unknown 2 packages · 2 advisories Packages with low or unknown advisory severity.

flask 3.1.2 · PyPI · direct Runtime Candidate uv.lock direct dependency

1 graph available for this package version Shown at confirmed low advisory severity with runtime candidate exposure evidence. Choose a graph to inspect the specific advisory and path.

LOW Runtime Candidate 1 advisory

pygments 2.19.2 · PyPI · transitive Runtime Candidate uv.lock transitive 2 levels deep

1 graph available for this package version Shown at confirmed low advisory severity with runtime candidate exposure evidence. Choose a graph to inspect the specific advisory and path.

LOW Runtime Candidate 1 advisory

SBOM Manifest

10 confirmed affected package versions, 5 unverified package versions, 73 clear package versions.

15 review rows · 73 clear hidden Show tableHide table

Component	Version	Ecosystem	Scope	Exposure	Source	Package URL	Status
python-multipart	0.0.20	PyPI	Direct	Runtime Candidate Root dependency evidence; likely installed for normal use unless package metadata says otherwise.	uv.lock	pkg:pypi/python-multipart@0.0.20	HIGH 2 exact-version OSV advisories
Choose a graph for python-multipart@0.0.20 2 advisories HIGH GHSA-wp53-j4wj-2cfg Python-Multipart has Arbitrary File Write via Non-Default Configuration Fixed: 0.0.22 · Root dependency evidence; likely installed for normal use unless package metadata says otherwise. MEDIUM GHSA-mj87-hwqh-73pj python-multipart affected by Denial of Service via large multipart preamble or epilogue data Fixed: 0.0.26 · Root dependency evidence; likely installed for normal use unless package metadata says otherwise.
mcp	1.16.0	PyPI	Transitive	Runtime Candidate Root dependency evidence; likely installed for normal use unless package metadata says otherwise.	uv.lock	pkg:pypi/mcp@1.16.0	HIGH 1 exact-version OSV advisory
Choose a graph for mcp@1.16.0 1 advisory HIGH GHSA-9h52-p55h-vw2f Model Context Protocol (MCP) Python SDK does not enable DNS rebinding protection by default Fixed: 1.23.0 · Root dependency evidence; likely installed for normal use unless package metadata says otherwise.
starlette	0.48.0	PyPI	Transitive	Runtime Candidate Root dependency evidence; likely installed for normal use unless package metadata says otherwise.	uv.lock	pkg:pypi/starlette@0.48.0	HIGH 1 exact-version OSV advisory
Choose a graph for starlette@0.48.0 1 advisory HIGH GHSA-7f5h-v6xp-fcq8 Starlette vulnerable to O(n^2) DoS via Range header merging in ``starlette.responses.FileResponse`` Fixed: 0.49.1 · Root dependency evidence; likely installed for normal use unless package metadata says otherwise.
urllib3	2.5.0	PyPI	Transitive	Runtime Candidate Root dependency evidence; likely installed for normal use unless package metadata says otherwise.	uv.lock	pkg:pypi/urllib3@2.5.0	HIGH 3 exact-version OSV advisories
Choose a graph for urllib3@2.5.0 3 advisories HIGH GHSA-2xpw-w6gg-jr37 urllib3 streaming API improperly handles highly compressed data Fixed: 2.6.0 · Root dependency evidence; likely installed for normal use unless package metadata says otherwise. HIGH GHSA-38jv-5279-wg99 Decompression-bomb safeguards bypassed when following HTTP redirects (streaming API) Fixed: 2.6.3 · Root dependency evidence; likely installed for normal use unless package metadata says otherwise. HIGH GHSA-gm62-xv2j-4w53 urllib3 allows an unbounded number of links in the decompression chain Fixed: 2.6.0 · Root dependency evidence; likely installed for normal use unless package metadata says otherwise.
pytest	8.4.2	PyPI	Direct	Runtime Candidate Root dependency evidence; likely installed for normal use unless package metadata says otherwise.	uv.lock	pkg:pypi/pytest@8.4.2	MEDIUM 1 exact-version OSV advisory
Choose a graph for pytest@8.4.2 1 advisory MEDIUM GHSA-6w46-j5rx-g56g pytest has vulnerable tmpdir handling Fixed: 9.0.3 · Root dependency evidence; likely installed for normal use unless package metadata says otherwise.
python-dotenv	1.1.1	PyPI	Transitive	Runtime Candidate Root dependency evidence; likely installed for normal use unless package metadata says otherwise.	uv.lock	pkg:pypi/python-dotenv@1.1.1	MEDIUM 1 exact-version OSV advisory
Choose a graph for python-dotenv@1.1.1 1 advisory MEDIUM GHSA-mf9w-mj56-hr94 python-dotenv: Symlink following in set_key allows arbitrary file overwrite via cross-device rename fallback Fixed: 1.2.2 · Root dependency evidence; likely installed for normal use unless package metadata says otherwise.
requests	2.32.5	PyPI	Transitive	Runtime Candidate Root dependency evidence; likely installed for normal use unless package metadata says otherwise.	uv.lock	pkg:pypi/requests@2.32.5	MEDIUM 1 exact-version OSV advisory
Choose a graph for requests@2.32.5 1 advisory MEDIUM GHSA-gc5v-m9x4-r6x2 Requests has Insecure Temp File Reuse in its extract_zipped_paths() utility function Fixed: 2.33.0 · Root dependency evidence; likely installed for normal use unless package metadata says otherwise.
werkzeug	3.1.3	PyPI	Transitive	Runtime Candidate Root dependency evidence; likely installed for normal use unless package metadata says otherwise.	uv.lock	pkg:pypi/werkzeug@3.1.3	MEDIUM 3 exact-version OSV advisories
Choose a graph for werkzeug@3.1.3 3 advisories MEDIUM GHSA-29vq-49wr-vm6x Werkzeug safe_join() allows Windows special device names Fixed: 3.1.6 · Root dependency evidence; likely installed for normal use unless package metadata says otherwise. MEDIUM GHSA-87hc-h4r5-73f7 Werkzeug safe_join() allows Windows special device names with compound extensions Fixed: 3.1.5 · Root dependency evidence; likely installed for normal use unless package metadata says otherwise. MEDIUM GHSA-hgf8-39gv-g3f2 Werkzeug safe_join() allows Windows special device names Fixed: 3.1.4 · Root dependency evidence; likely installed for normal use unless package metadata says otherwise.
flask	3.1.2	PyPI	Direct	Runtime Candidate Root dependency evidence; likely installed for normal use unless package metadata says otherwise.	uv.lock	pkg:pypi/flask@3.1.2	LOW 1 exact-version OSV advisory
Choose a graph for flask@3.1.2 1 advisory LOW GHSA-68rp-wp8r-4726 Flask session does not add `Vary: Cookie` header when accessed in some ways Fixed: 3.1.3 · Root dependency evidence; likely installed for normal use unless package metadata says otherwise.
pygments	2.19.2	PyPI	Transitive	Runtime Candidate Root dependency evidence; likely installed for normal use unless package metadata says otherwise.	uv.lock	pkg:pypi/pygments@2.19.2	LOW 1 exact-version OSV advisory
Choose a graph for pygments@2.19.2 1 advisory LOW GHSA-5239-wwwm-4pmq Pygments has Regular Expression Denial of Service (ReDoS) due to Inefficient Regex for GUID Matching Fixed: 2.20.0 · Root dependency evidence; likely installed for normal use unless package metadata says otherwise.
jinja2		PyPI	Direct	Runtime Candidate Root dependency evidence; likely installed for normal use unless package metadata says otherwise.	pyproject.toml	pkg:pypi/jinja2	Unverified No exact installed version; not treated as vulnerable
openai		PyPI	Direct	Runtime Candidate Root dependency evidence; likely installed for normal use unless package metadata says otherwise.	pyproject.toml	pkg:pypi/openai	Unverified No exact installed version; not treated as vulnerable
openai-agents		PyPI	Direct	Runtime Candidate Root dependency evidence; likely installed for normal use unless package metadata says otherwise.	pyproject.toml	pkg:pypi/openai-agents	Unverified No exact installed version; not treated as vulnerable
pydantic		PyPI	Direct	Runtime Candidate Root dependency evidence; likely installed for normal use unless package metadata says otherwise.	pyproject.toml	pkg:pypi/pydantic	Unverified No exact installed version; not treated as vulnerable
uvicorn		PyPI	Direct	Runtime Candidate Root dependency evidence; likely installed for normal use unless package metadata says otherwise.	pyproject.toml	pkg:pypi/uvicorn	Unverified No exact installed version; not treated as vulnerable

Clear Dependencies 73 packages hidden Show clear packagesHide clear packages

Component	Version	Ecosystem	Scope	Exposure	Source	Package URL	Status
debugpy	1.8.17	PyPI	Direct	Runtime Candidate Root dependency evidence; likely installed for normal use unless package metadata says otherwise.	uv.lock	pkg:pypi/debugpy@1.8.17	Clear No OSV advisories for this exact version
fastapi	0.118.0	PyPI	Direct	Runtime Candidate Root dependency evidence; likely installed for normal use unless package metadata says otherwise.	uv.lock	pkg:pypi/fastapi@0.118.0	Clear No OSV advisories for this exact version
jinja2	3.1.6	PyPI	Direct	Runtime Candidate Root dependency evidence; likely installed for normal use unless package metadata says otherwise.	uv.lock	pkg:pypi/jinja2@3.1.6	Clear No OSV advisories for this exact version
mkdocs	1.6.1	PyPI	Direct	Runtime Candidate Root dependency evidence; likely installed for normal use unless package metadata says otherwise.	uv.lock	pkg:pypi/mkdocs@1.6.1	Clear No OSV advisories for this exact version
mkdocs-gen-files	0.5.0	PyPI	Direct	Runtime Candidate Root dependency evidence; likely installed for normal use unless package metadata says otherwise.	uv.lock	pkg:pypi/mkdocs-gen-files@0.5.0	Clear No OSV advisories for this exact version
mkdocs-material	9.6.21	PyPI	Direct	Runtime Candidate Root dependency evidence; likely installed for normal use unless package metadata says otherwise.	uv.lock	pkg:pypi/mkdocs-material@9.6.21	Clear No OSV advisories for this exact version
mkdocstrings	0.30.1	PyPI	Direct	Runtime Candidate Root dependency evidence; likely installed for normal use unless package metadata says otherwise.	uv.lock	pkg:pypi/mkdocstrings@0.30.1	Clear No OSV advisories for this exact version
mypy	1.18.2	PyPI	Direct	Runtime Candidate Root dependency evidence; likely installed for normal use unless package metadata says otherwise.	uv.lock	pkg:pypi/mypy@1.18.2	Clear No OSV advisories for this exact version
openai	1.109.1	PyPI	Direct	Runtime Candidate Root dependency evidence; likely installed for normal use unless package metadata says otherwise.	uv.lock	pkg:pypi/openai@1.109.1	Clear No OSV advisories for this exact version
openai-agents	0.3.3	PyPI	Direct	Runtime Candidate Root dependency evidence; likely installed for normal use unless package metadata says otherwise.	uv.lock	pkg:pypi/openai-agents@0.3.3	Clear No OSV advisories for this exact version
psycopg2-binary	2.9.10	PyPI	Direct	Runtime Candidate Root dependency evidence; likely installed for normal use unless package metadata says otherwise.	uv.lock	pkg:pypi/psycopg2-binary@2.9.10	Clear No OSV advisories for this exact version
pydantic	2.11.10	PyPI	Direct	Runtime Candidate Root dependency evidence; likely installed for normal use unless package metadata says otherwise.	uv.lock	pkg:pypi/pydantic@2.11.10	Clear No OSV advisories for this exact version
pyright	1.1.406	PyPI	Direct	Runtime Candidate Root dependency evidence; likely installed for normal use unless package metadata says otherwise.	uv.lock	pkg:pypi/pyright@1.1.406	Clear No OSV advisories for this exact version
pytest-asyncio	1.2.0	PyPI	Direct	Runtime Candidate Root dependency evidence; likely installed for normal use unless package metadata says otherwise.	uv.lock	pkg:pypi/pytest-asyncio@1.2.0	Clear No OSV advisories for this exact version
ruff	0.9.2	PyPI	Direct	Runtime Candidate Root dependency evidence; likely installed for normal use unless package metadata says otherwise.	uv.lock	pkg:pypi/ruff@0.9.2	Clear No OSV advisories for this exact version
uvicorn	0.37.0	PyPI	Direct	Runtime Candidate Root dependency evidence; likely installed for normal use unless package metadata says otherwise.	uv.lock	pkg:pypi/uvicorn@0.37.0	Clear No OSV advisories for this exact version
annotated-types	0.7.0	PyPI	Transitive	Runtime Candidate Root dependency evidence; likely installed for normal use unless package metadata says otherwise.	uv.lock	pkg:pypi/annotated-types@0.7.0	Clear No OSV advisories for this exact version
anyio	4.11.0	PyPI	Transitive	Runtime Candidate Root dependency evidence; likely installed for normal use unless package metadata says otherwise.	uv.lock	pkg:pypi/anyio@4.11.0	Clear No OSV advisories for this exact version
attrs	25.4.0	PyPI	Transitive	Runtime Candidate Root dependency evidence; likely installed for normal use unless package metadata says otherwise.	uv.lock	pkg:pypi/attrs@25.4.0	Clear No OSV advisories for this exact version
babel	2.17.0	PyPI	Transitive	Runtime Candidate Root dependency evidence; likely installed for normal use unless package metadata says otherwise.	uv.lock	pkg:pypi/babel@2.17.0	Clear No OSV advisories for this exact version
backports-asyncio-runner	1.2.0	PyPI	Transitive	Runtime Candidate Root dependency evidence; likely installed for normal use unless package metadata says otherwise.	uv.lock	pkg:pypi/backports-asyncio-runner@1.2.0	Clear No OSV advisories for this exact version
backrefs	5.9	PyPI	Transitive	Runtime Candidate Root dependency evidence; likely installed for normal use unless package metadata says otherwise.	uv.lock	pkg:pypi/backrefs@5.9	Clear No OSV advisories for this exact version
blinker	1.9.0	PyPI	Transitive	Runtime Candidate Root dependency evidence; likely installed for normal use unless package metadata says otherwise.	uv.lock	pkg:pypi/blinker@1.9.0	Clear No OSV advisories for this exact version
certifi	2025.10.5	PyPI	Transitive	Runtime Candidate Root dependency evidence; likely installed for normal use unless package metadata says otherwise.	uv.lock	pkg:pypi/certifi@2025.10.5	Clear No OSV advisories for this exact version
charset-normalizer	3.4.3	PyPI	Transitive	Runtime Candidate Root dependency evidence; likely installed for normal use unless package metadata says otherwise.	uv.lock	pkg:pypi/charset-normalizer@3.4.3	Clear No OSV advisories for this exact version
click	8.3.0	PyPI	Transitive	Runtime Candidate Root dependency evidence; likely installed for normal use unless package metadata says otherwise.	uv.lock	pkg:pypi/click@8.3.0	Clear No OSV advisories for this exact version
colorama	0.4.6	PyPI	Transitive	Runtime Candidate Root dependency evidence; likely installed for normal use unless package metadata says otherwise.	uv.lock	pkg:pypi/colorama@0.4.6	Clear No OSV advisories for this exact version
distro	1.9.0	PyPI	Transitive	Runtime Candidate Root dependency evidence; likely installed for normal use unless package metadata says otherwise.	uv.lock	pkg:pypi/distro@1.9.0	Clear No OSV advisories for this exact version
exceptiongroup	1.3.0	PyPI	Transitive	Runtime Candidate Root dependency evidence; likely installed for normal use unless package metadata says otherwise.	uv.lock	pkg:pypi/exceptiongroup@1.3.0	Clear No OSV advisories for this exact version
ghp-import	2.1.0	PyPI	Transitive	Runtime Candidate Root dependency evidence; likely installed for normal use unless package metadata says otherwise.	uv.lock	pkg:pypi/ghp-import@2.1.0	Clear No OSV advisories for this exact version
griffe	1.14.0	PyPI	Transitive	Runtime Candidate Root dependency evidence; likely installed for normal use unless package metadata says otherwise.	uv.lock	pkg:pypi/griffe@1.14.0	Clear No OSV advisories for this exact version
h11	0.16.0	PyPI	Transitive	Runtime Candidate Root dependency evidence; likely installed for normal use unless package metadata says otherwise.	uv.lock	pkg:pypi/h11@0.16.0	Clear No OSV advisories for this exact version
httpcore	1.0.9	PyPI	Transitive	Runtime Candidate Root dependency evidence; likely installed for normal use unless package metadata says otherwise.	uv.lock	pkg:pypi/httpcore@1.0.9	Clear No OSV advisories for this exact version
httpx	0.28.1	PyPI	Transitive	Runtime Candidate Root dependency evidence; likely installed for normal use unless package metadata says otherwise.	uv.lock	pkg:pypi/httpx@0.28.1	Clear No OSV advisories for this exact version
httpx-sse	0.4.1	PyPI	Transitive	Runtime Candidate Root dependency evidence; likely installed for normal use unless package metadata says otherwise.	uv.lock	pkg:pypi/httpx-sse@0.4.1	Clear No OSV advisories for this exact version
idna	3.10	PyPI	Transitive	Runtime Candidate Root dependency evidence; likely installed for normal use unless package metadata says otherwise.	uv.lock	pkg:pypi/idna@3.10	Clear No OSV advisories for this exact version
iniconfig	2.1.0	PyPI	Transitive	Runtime Candidate Root dependency evidence; likely installed for normal use unless package metadata says otherwise.	uv.lock	pkg:pypi/iniconfig@2.1.0	Clear No OSV advisories for this exact version
itsdangerous	2.2.0	PyPI	Transitive	Runtime Candidate Root dependency evidence; likely installed for normal use unless package metadata says otherwise.	uv.lock	pkg:pypi/itsdangerous@2.2.0	Clear No OSV advisories for this exact version
jiter	0.11.0	PyPI	Transitive	Runtime Candidate Root dependency evidence; likely installed for normal use unless package metadata says otherwise.	uv.lock	pkg:pypi/jiter@0.11.0	Clear No OSV advisories for this exact version
jsonschema	4.25.1	PyPI	Transitive	Runtime Candidate Root dependency evidence; likely installed for normal use unless package metadata says otherwise.	uv.lock	pkg:pypi/jsonschema@4.25.1	Clear No OSV advisories for this exact version
jsonschema-specifications	2025.9.1	PyPI	Transitive	Runtime Candidate Root dependency evidence; likely installed for normal use unless package metadata says otherwise.	uv.lock	pkg:pypi/jsonschema-specifications@2025.9.1	Clear No OSV advisories for this exact version
markdown	3.9	PyPI	Transitive	Runtime Candidate Root dependency evidence; likely installed for normal use unless package metadata says otherwise.	uv.lock	pkg:pypi/markdown@3.9	Clear No OSV advisories for this exact version
markupsafe	3.0.3	PyPI	Transitive	Runtime Candidate Root dependency evidence; likely installed for normal use unless package metadata says otherwise.	uv.lock	pkg:pypi/markupsafe@3.0.3	Clear No OSV advisories for this exact version
mergedeep	1.3.4	PyPI	Transitive	Runtime Candidate Root dependency evidence; likely installed for normal use unless package metadata says otherwise.	uv.lock	pkg:pypi/mergedeep@1.3.4	Clear No OSV advisories for this exact version
mkdocs-autorefs	1.4.3	PyPI	Transitive	Runtime Candidate Root dependency evidence; likely installed for normal use unless package metadata says otherwise.	uv.lock	pkg:pypi/mkdocs-autorefs@1.4.3	Clear No OSV advisories for this exact version
mkdocs-get-deps	0.2.0	PyPI	Transitive	Runtime Candidate Root dependency evidence; likely installed for normal use unless package metadata says otherwise.	uv.lock	pkg:pypi/mkdocs-get-deps@0.2.0	Clear No OSV advisories for this exact version
mkdocs-material-extensions	1.3.1	PyPI	Transitive	Runtime Candidate Root dependency evidence; likely installed for normal use unless package metadata says otherwise.	uv.lock	pkg:pypi/mkdocs-material-extensions@1.3.1	Clear No OSV advisories for this exact version
mkdocstrings-python	1.18.2	PyPI	Transitive	Runtime Candidate Root dependency evidence; likely installed for normal use unless package metadata says otherwise.	uv.lock	pkg:pypi/mkdocstrings-python@1.18.2	Clear No OSV advisories for this exact version
mypy-extensions	1.1.0	PyPI	Transitive	Runtime Candidate Root dependency evidence; likely installed for normal use unless package metadata says otherwise.	uv.lock	pkg:pypi/mypy-extensions@1.1.0	Clear No OSV advisories for this exact version
nodeenv	1.9.1	PyPI	Transitive	Runtime Candidate Root dependency evidence; likely installed for normal use unless package metadata says otherwise.	uv.lock	pkg:pypi/nodeenv@1.9.1	Clear No OSV advisories for this exact version
packaging	25.0	PyPI	Transitive	Runtime Candidate Root dependency evidence; likely installed for normal use unless package metadata says otherwise.	uv.lock	pkg:pypi/packaging@25.0	Clear No OSV advisories for this exact version
paginate	0.5.7	PyPI	Transitive	Runtime Candidate Root dependency evidence; likely installed for normal use unless package metadata says otherwise.	uv.lock	pkg:pypi/paginate@0.5.7	Clear No OSV advisories for this exact version
pathspec	0.12.1	PyPI	Transitive	Runtime Candidate Root dependency evidence; likely installed for normal use unless package metadata says otherwise.	uv.lock	pkg:pypi/pathspec@0.12.1	Clear No OSV advisories for this exact version
platformdirs	4.4.0	PyPI	Transitive	Runtime Candidate Root dependency evidence; likely installed for normal use unless package metadata says otherwise.	uv.lock	pkg:pypi/platformdirs@4.4.0	Clear No OSV advisories for this exact version
pluggy	1.6.0	PyPI	Transitive	Runtime Candidate Root dependency evidence; likely installed for normal use unless package metadata says otherwise.	uv.lock	pkg:pypi/pluggy@1.6.0	Clear No OSV advisories for this exact version
pydantic-core	2.33.2	PyPI	Transitive	Runtime Candidate Root dependency evidence; likely installed for normal use unless package metadata says otherwise.	uv.lock	pkg:pypi/pydantic-core@2.33.2	Clear No OSV advisories for this exact version
pydantic-settings	2.11.0	PyPI	Transitive	Runtime Candidate Root dependency evidence; likely installed for normal use unless package metadata says otherwise.	uv.lock	pkg:pypi/pydantic-settings@2.11.0	Clear No OSV advisories for this exact version
pymdown-extensions	10.16.1	PyPI	Transitive	Runtime Candidate Root dependency evidence; likely installed for normal use unless package metadata says otherwise.	uv.lock	pkg:pypi/pymdown-extensions@10.16.1	Clear No OSV advisories for this exact version
python-dateutil	2.9.0.post0	PyPI	Transitive	Runtime Candidate Root dependency evidence; likely installed for normal use unless package metadata says otherwise.	uv.lock	pkg:pypi/python-dateutil@2.9.0.post0	Clear No OSV advisories for this exact version
pywin32	311	PyPI	Transitive	Runtime Candidate Root dependency evidence; likely installed for normal use unless package metadata says otherwise.	uv.lock	pkg:pypi/pywin32@311	Clear No OSV advisories for this exact version
pyyaml	6.0.3	PyPI	Transitive	Runtime Candidate Root dependency evidence; likely installed for normal use unless package metadata says otherwise.	uv.lock	pkg:pypi/pyyaml@6.0.3	Clear No OSV advisories for this exact version
pyyaml-env-tag	1.1	PyPI	Transitive	Runtime Candidate Root dependency evidence; likely installed for normal use unless package metadata says otherwise.	uv.lock	pkg:pypi/pyyaml-env-tag@1.1	Clear No OSV advisories for this exact version
referencing	0.36.2	PyPI	Transitive	Runtime Candidate Root dependency evidence; likely installed for normal use unless package metadata says otherwise.	uv.lock	pkg:pypi/referencing@0.36.2	Clear No OSV advisories for this exact version
rpds-py	0.27.1	PyPI	Transitive	Runtime Candidate Root dependency evidence; likely installed for normal use unless package metadata says otherwise.	uv.lock	pkg:pypi/rpds-py@0.27.1	Clear No OSV advisories for this exact version
six	1.17.0	PyPI	Transitive	Runtime Candidate Root dependency evidence; likely installed for normal use unless package metadata says otherwise.	uv.lock	pkg:pypi/six@1.17.0	Clear No OSV advisories for this exact version
sniffio	1.3.1	PyPI	Transitive	Runtime Candidate Root dependency evidence; likely installed for normal use unless package metadata says otherwise.	uv.lock	pkg:pypi/sniffio@1.3.1	Clear No OSV advisories for this exact version
sse-starlette	3.0.2	PyPI	Transitive	Runtime Candidate Root dependency evidence; likely installed for normal use unless package metadata says otherwise.	uv.lock	pkg:pypi/sse-starlette@3.0.2	Clear No OSV advisories for this exact version
tomli	2.2.1	PyPI	Transitive	Runtime Candidate Root dependency evidence; likely installed for normal use unless package metadata says otherwise.	uv.lock	pkg:pypi/tomli@2.2.1	Clear No OSV advisories for this exact version
tqdm	4.67.1	PyPI	Transitive	Runtime Candidate Root dependency evidence; likely installed for normal use unless package metadata says otherwise.	uv.lock	pkg:pypi/tqdm@4.67.1	Clear No OSV advisories for this exact version
types-requests	2.32.4.20250913	PyPI	Transitive	Runtime Candidate Root dependency evidence; likely installed for normal use unless package metadata says otherwise.	uv.lock	pkg:pypi/types-requests@2.32.4.20250913	Clear No OSV advisories for this exact version
typing-extensions	4.15.0	PyPI	Transitive	Runtime Candidate Root dependency evidence; likely installed for normal use unless package metadata says otherwise.	uv.lock	pkg:pypi/typing-extensions@4.15.0	Clear No OSV advisories for this exact version
typing-inspection	0.4.2	PyPI	Transitive	Runtime Candidate Root dependency evidence; likely installed for normal use unless package metadata says otherwise.	uv.lock	pkg:pypi/typing-inspection@0.4.2	Clear No OSV advisories for this exact version
watchdog	6.0.0	PyPI	Transitive	Runtime Candidate Root dependency evidence; likely installed for normal use unless package metadata says otherwise.	uv.lock	pkg:pypi/watchdog@6.0.0	Clear No OSV advisories for this exact version