advisories

9,267 rows

View and edit SQL

This data as json, CSV (advanced)

Suggested facets: platform, supported_until (date)

Link rowid ▼ platform organisation repo package_name version current_version package_manager package_file_path dep_types level advisory_type description supported_until eol_from
1 1 gitlab technottingham Hackbot hubot-pugme git+https://git@github.com/TechNottingham/hubot-pugme.git   npm package.json ["dependencies"] ERROR SECURITY Use of Git-based NPM dependencies have a number of supply chain security risks, and do not have the same level of predictability, immutability and security practices that using the official npm registry provides. For more details, see Socket Security's blog post https://socket.dev/blog/how-to-mitigate-the-risks-of-using-open-source-packages-with-git-dependencies    
2 2 github DDDEastMidlandsLimited dddem-web @babel/plugin-proposal-class-properties ^7.18.6 7.18.6 npm package.json ["devDependencies"] ERROR DEPRECATED Package is deprecated, according to package manager metadata    
3 3 github DDDEastMidlandsLimited dddem-web node 20 v20.19.4 nvm .nvmrc [] ERROR DEPRECATED nodejs 20 has been unsupported (usually only receiving critical security fixes) for 275 days 2024-10-22 2026-04-30
4 4 github DDDEastMidlandsLimited dddem-web react ^18.3.1 18.3.1 npm package.json ["dependencies"] ERROR DEPRECATED react 18 has been unsupported (usually only receiving critical security fixes) for 231 days 2024-12-05  
5 5 github IndiePass indiepass-android gradle 8.7 8.7 gradle-wrapper gradle/wrapper/gradle-wrapper.properties [] ERROR DEPRECATED gradle 8 is marked as unsupported (usually only receiving critical security fixes)    
6 6 github PaddleHQ paddle-js-wrapper eslint ^8.0.1 8.57.1 npm package.json ["devDependencies"] ERROR DEPRECATED Package is deprecated, according to package manager metadata    
7 7 github PaddleHQ paddle-js-wrapper rollup-plugin-babel ^4.4.0 4.4.0 npm package.json ["devDependencies"] ERROR DEPRECATED Package is deprecated, according to package manager metadata    
8 8 github PaddleHQ paddle-nextjs-starter-kit node 20 v20.19.4 nvm .nvmrc [] ERROR DEPRECATED nodejs 20 has been unsupported (usually only receiving critical security fixes) for 275 days 2024-10-22 2026-04-30
9 9 github PaddleHQ paddle-nextjs-starter-kit node >=20 v24.4.1 npm package.json ["engines"] ERROR DEPRECATED nodejs 24 is marked as unsupported (usually only receiving critical security fixes) 2026-10-20 2028-04-30
10 10 github PaddleHQ paddle-node-sdk eslint-config-standard-with-typescript ^43.0.1 43.0.1 npm package.json ["devDependencies"] ERROR DEPRECATED Package is deprecated, according to package manager metadata    
11 11 github PaddleHQ paddle-node-sdk node >=20 v24.4.1 npm package.json ["engines"] ERROR DEPRECATED nodejs 24 is marked as unsupported (usually only receiving critical security fixes) 2026-10-20 2028-04-30
12 12 github alphagov pay-selfservice node 22.16.0 22.16.0 nvm .nvmrc [] ERROR DEPRECATED nodejs 22 is marked as unsupported (usually only receiving critical security fixes) 2025-10-21 2027-04-30
13 13 github alphagov pay-selfservice node 22.17.1-alpine3.21 22.17.1-alpine3.21 dockerfile Dockerfile ["final"] ERROR DEPRECATED nodejs 22 is marked as unsupported (usually only receiving critical security fixes) 2025-10-21 2027-04-30
14 14 github alphagov pay-selfservice node ^22.16.0 v22.17.1 npm package.json ["engines"] ERROR DEPRECATED nodejs 22 is marked as unsupported (usually only receiving critical security fixes) 2025-10-21 2027-04-30
15 15 github alphagov pay-selfservice sinon ^15.2.0 15.2.0 npm package.json ["devDependencies"] ERROR DEPRECATED Package is deprecated, according to package manager metadata    
16 16 github alphagov pay-selfservice supertest ^6.3.3 6.3.4 npm package.json ["devDependencies"] ERROR DEPRECATED Package is deprecated, according to package manager metadata    
17 17 github clever microplane github.com/xanzy/go-gitlab v0.115.0 v0.115.0 gomod go.mod ["require"] ERROR DEPRECATED Package is deprecated, according to package manager metadata    
18 18 github cli cli github.com/pkg/errors v0.9.1 v0.9.1 gomod go.mod ["indirect"] ERROR DEPRECATED pkg/errors is no longer necessary, as functionality exists in the Go standard library, or in better packages    
19 19 github cli cli github.com/poy/onpar v1.1.2 v1.1.2 gomod third-party/github.com/letsencrypt/boulder/go.mod ["indirect"] ERROR DEPRECATED Package is deprecated, according to package manager metadata    
20 20 github cli cli github.com/redis/go-redis/extra/rediscmd/v9 v9.5.3 v9.5.3 gomod third-party/github.com/letsencrypt/boulder/go.mod ["indirect"] ERROR DEPRECATED Package is deprecated, according to package manager metadata    
21 21 github cli cli github.com/redis/go-redis/extra/redisotel/v9 v9.5.3 v9.5.3 gomod third-party/github.com/letsencrypt/boulder/go.mod ["require"] ERROR DEPRECATED Package is deprecated, according to package manager metadata    
22 22 github cloud-custodian cloud-custodian github.com/pkg/errors v0.9.1 v0.9.1 gomod tools/cask/go.mod ["indirect"] ERROR DEPRECATED pkg/errors is no longer necessary, as functionality exists in the Go standard library, or in better packages    
23 23 github cloud-custodian cloud-custodian python <4.0.0,>=3.10.2 3.13.5 pep621 pyproject.toml ["requires-python"] ERROR DEPRECATED python 3.13 is marked as unsupported (usually only receiving critical security fixes) 2026-10-01 2029-10-31
24 24 github cloud-custodian cloud-custodian python <4.0.0,>=3.9.2 3.13.5 pep621 tools/c7n_awscc/pyproject.toml ["requires-python"] ERROR DEPRECATED python 3.13 is marked as unsupported (usually only receiving critical security fixes) 2026-10-01 2029-10-31
25 25 github cloud-custodian cloud-custodian python <4.0.0,>=3.9.2 3.13.5 pep621 tools/c7n_azure/pyproject.toml ["requires-python"] ERROR DEPRECATED python 3.13 is marked as unsupported (usually only receiving critical security fixes) 2026-10-01 2029-10-31
26 26 github cloud-custodian cloud-custodian python <4.0.0,>=3.9.2 3.13.5 pep621 tools/c7n_gcp/pyproject.toml ["requires-python"] ERROR DEPRECATED python 3.13 is marked as unsupported (usually only receiving critical security fixes) 2026-10-01 2029-10-31
27 27 github cloud-custodian cloud-custodian python <4.0.0,>=3.9.2 3.13.5 pep621 tools/c7n_kube/pyproject.toml ["requires-python"] ERROR DEPRECATED python 3.13 is marked as unsupported (usually only receiving critical security fixes) 2026-10-01 2029-10-31
28 28 github cloud-custodian cloud-custodian python <4.0.0,>=3.9.2 3.13.5 pep621 tools/c7n_left/pyproject.toml ["requires-python"] ERROR DEPRECATED python 3.13 is marked as unsupported (usually only receiving critical security fixes) 2026-10-01 2029-10-31
29 29 github cloud-custodian cloud-custodian python <4.0.0,>=3.9.2 3.13.5 pep621 tools/c7n_mailer/pyproject.toml ["requires-python"] ERROR DEPRECATED python 3.13 is marked as unsupported (usually only receiving critical security fixes) 2026-10-01 2029-10-31
30 30 github cloud-custodian cloud-custodian python <4.0.0,>=3.9.2 3.13.5 pep621 tools/c7n_oci/pyproject.toml ["requires-python"] ERROR DEPRECATED python 3.13 is marked as unsupported (usually only receiving critical security fixes) 2026-10-01 2029-10-31
31 31 github cloud-custodian cloud-custodian python <4.0.0,>=3.9.2 3.13.5 pep621 tools/c7n_openstack/pyproject.toml ["requires-python"] ERROR DEPRECATED python 3.13 is marked as unsupported (usually only receiving critical security fixes) 2026-10-01 2029-10-31
32 32 github cloud-custodian cloud-custodian python <4.0.0,>=3.9.2 3.13.5 pep621 tools/c7n_org/pyproject.toml ["requires-python"] ERROR DEPRECATED python 3.13 is marked as unsupported (usually only receiving critical security fixes) 2026-10-01 2029-10-31
33 33 github cloud-custodian cloud-custodian python <4.0.0,>=3.9.2 3.13.5 pep621 tools/c7n_policystream/pyproject.toml ["requires-python"] ERROR DEPRECATED python 3.13 is marked as unsupported (usually only receiving critical security fixes) 2026-10-01 2029-10-31
34 34 github cloud-custodian cloud-custodian python <4.0.0,>=3.9.2 3.13.5 pep621 tools/c7n_sphinxext/pyproject.toml ["requires-python"] ERROR DEPRECATED python 3.13 is marked as unsupported (usually only receiving critical security fixes) 2026-10-01 2029-10-31
35 35 github cloud-custodian cloud-custodian python <4.0.0,>=3.9.2 3.13.5 pep621 tools/c7n_tencentcloud/pyproject.toml ["requires-python"] ERROR DEPRECATED python 3.13 is marked as unsupported (usually only receiving critical security fixes) 2026-10-01 2029-10-31
36 36 github cloud-custodian cloud-custodian python <4.0.0,>=3.9.2 3.13.5 pep621 tools/c7n_terraform/pyproject.toml ["requires-python"] ERROR DEPRECATED python 3.13 is marked as unsupported (usually only receiving critical security fixes) 2026-10-01 2029-10-31
37 37 github dagger dagger @eslint/js ^10.0.0 10.0.0 npm sdk/typescript/package.json ["devDependencies"] ERROR DEPRECATED Package is deprecated, according to package manager metadata    
38 38 github dagger dagger github.com/golang/protobuf v1.5.3 v1.5.3 gomod docs/current_docs/api/snippets/documentation/go/go.mod ["indirect"] ERROR DEPRECATED Package is deprecated, according to package manager metadata    
39 39 github dagger dagger github.com/golang/protobuf v1.5.4 v1.5.4 gomod go.mod ["indirect"] ERROR DEPRECATED Package is deprecated, according to package manager metadata    
40 40 github dagger dagger github.com/pkg/errors v0.9.1 v0.9.1 gomod .dagger/go.mod ["indirect"] ERROR DEPRECATED pkg/errors is no longer necessary, as functionality exists in the Go standard library, or in better packages    
41 41 github dagger dagger github.com/pkg/errors v0.9.1 v0.9.1 gomod modules/alpine/go.mod ["indirect"] ERROR DEPRECATED pkg/errors is no longer necessary, as functionality exists in the Go standard library, or in better packages    
42 42 github dagger dagger github.com/pkg/errors v0.9.1 v0.9.1 gomod go.mod ["require"] ERROR DEPRECATED pkg/errors is no longer necessary, as functionality exists in the Go standard library, or in better packages    
43 43 github dagger dagger node >=18 v24.4.1 npm sdk/typescript/package.json ["engines"] ERROR DEPRECATED nodejs 24 is marked as unsupported (usually only receiving critical security fixes) 2026-10-20 2028-04-30
44 44 github dagger dagger node >=18.0 v24.4.1 npm docs/package.json ["engines"] ERROR DEPRECATED nodejs 24 is marked as unsupported (usually only receiving critical security fixes) 2026-10-20 2028-04-30
45 45 github dagger dagger python 3.12 3.12 pyenv sdk/python/.python-version [] ERROR DEPRECATED python 3.12 has been unsupported (usually only receiving critical security fixes) for 113 days 2025-04-02 2028-10-31
46 46 github dagger dagger python >= 3.10 3.13.5 pep621 sdk/python/codegen/pyproject.toml ["requires-python"] ERROR DEPRECATED python 3.13 is marked as unsupported (usually only receiving critical security fixes) 2026-10-01 2029-10-31
47 47 github dagger dagger python >=3.10 3.13.5 pep621 sdk/python/pyproject.toml ["requires-python"] ERROR DEPRECATED python 3.13 is marked as unsupported (usually only receiving critical security fixes) 2026-10-01 2029-10-31
48 48 github dagger dagger python >=3.12 3.13.5 pep621 core/integration/testdata/modules/python/extended/pyproject.toml ["requires-python"] ERROR DEPRECATED python 3.13 is marked as unsupported (usually only receiving critical security fixes) 2026-10-01 2029-10-31
49 49 github dagger dagger python >=3.12 3.13.5 pep621 core/integration/testdata/modules/python/git-dep/pyproject.toml ["requires-python"] ERROR DEPRECATED python 3.13 is marked as unsupported (usually only receiving critical security fixes) 2026-10-01 2029-10-31
50 50 github dagger dagger python >=3.12 3.13.5 pep621 core/integration/testdata/modules/python/ifaces/.dagger/pyproject.toml ["requires-python"] ERROR DEPRECATED python 3.13 is marked as unsupported (usually only receiving critical security fixes) 2026-10-01 2029-10-31
51 51 github dagger dagger python >=3.12 3.13.5 pep621 core/integration/testdata/modules/python/ifaces/impl/pyproject.toml ["requires-python"] ERROR DEPRECATED python 3.13 is marked as unsupported (usually only receiving critical security fixes) 2026-10-01 2029-10-31
52 52 github dagger dagger python >=3.12 3.13.5 pep621 core/integration/testdata/modules/python/ifaces/test/pyproject.toml ["requires-python"] ERROR DEPRECATED python 3.13 is marked as unsupported (usually only receiving critical security fixes) 2026-10-01 2029-10-31
53 53 github dagger dagger python >=3.12 3.13.5 pep621 dagql/idtui/viztest/python/pyproject.toml ["requires-python"] ERROR DEPRECATED python 3.13 is marked as unsupported (usually only receiving critical security fixes) 2026-10-01 2029-10-31
54 54 github dagger dagger python >=3.12 3.13.5 pep621 docs/current_docs/api/snippets/modules/testing/python/pyproject.toml ["requires-python"] ERROR DEPRECATED python 3.13 is marked as unsupported (usually only receiving critical security fixes) 2026-10-01 2029-10-31
55 55 github dagger dagger python >=3.12 3.13.5 pep621 docs/current_docs/quickstart/agent/snippets/part1/python/pyproject.toml ["requires-python"] ERROR DEPRECATED python 3.13 is marked as unsupported (usually only receiving critical security fixes) 2026-10-01 2029-10-31
56 56 github dagger dagger python >=3.12 3.13.5 pep621 sdk/python/dev/pyproject.toml ["requires-python"] ERROR DEPRECATED python 3.13 is marked as unsupported (usually only receiving critical security fixes) 2026-10-01 2029-10-31
57 57 github dagger dagger python >=3.12 3.13.5 pep621 sdk/python/runtime/template/pyproject.toml ["requires-python"] ERROR DEPRECATED python 3.13 is marked as unsupported (usually only receiving critical security fixes) 2026-10-01 2029-10-31
58 58 github elastic beats github.com/Azure/azure-event-hubs-go/v3 v3.6.1 v3.6.1 gomod go.mod ["require"] ERROR DEPRECATED Package is deprecated, according to package manager metadata    
59 59 github elastic beats github.com/Azure/go-autorest/autorest/adal v0.9.24 v0.9.24 gomod go.mod ["indirect"] ERROR DEPRECATED Package is deprecated, according to package manager metadata    
60 60 github elastic beats github.com/golang/protobuf v1.5.4 v1.5.4 gomod go.mod ["indirect"] ERROR DEPRECATED Package is deprecated, according to package manager metadata    
61 61 github elastic beats github.com/pkg/errors v0.9.1 v0.9.1 gomod go.mod ["require"] ERROR DEPRECATED pkg/errors is no longer necessary, as functionality exists in the Go standard library, or in better packages    
62 62 github elastic beats go.elastic.co/apm/module/apmelasticsearch/v2 v2.6.3 v2.6.3 gomod go.mod ["require"] ERROR DEPRECATED As noted in https://github.com/elastic/apm-agent-go, Elastic have deprecated the Go APM agent, and are instead recommending the move over to the OpenTelemetry Go SDK, which provides similar functionality, but requires a migration (https://www.elastic.co/blog/elastic-go-apm-agent-to-opentelemetry-go-sdk)    
63 63 github elastic beats go.elastic.co/apm/module/apmhttp/v2 v2.6.3 v2.6.3 gomod go.mod ["require"] ERROR DEPRECATED As noted in https://github.com/elastic/apm-agent-go, Elastic have deprecated the Go APM agent, and are instead recommending the move over to the OpenTelemetry Go SDK, which provides similar functionality, but requires a migration (https://www.elastic.co/blog/elastic-go-apm-agent-to-opentelemetry-go-sdk)    
64 64 github elastic beats go.elastic.co/apm/v2 v2.7.0 v2.7.0 gomod go.mod ["require"] ERROR DEPRECATED As noted in https://github.com/elastic/apm-agent-go, Elastic have deprecated the Go APM agent, and are instead recommending the move over to the OpenTelemetry Go SDK, which provides similar functionality, but requires a migration (https://www.elastic.co/blog/elastic-go-apm-agent-to-opentelemetry-go-sdk)    
65 65 github elastic beats go.opentelemetry.io/otel/exporters/prometheus v0.59.0 v0.59.0 gomod go.mod ["indirect"] ERROR DEPRECATED Package is deprecated, according to package manager metadata    
66 66 github elastic beats python 3.9.13 3.9.13 pyenv .python-version [] ERROR DEPRECATED python 3.9 has been unsupported (usually only receiving critical security fixes) for 1164 days 2022-05-17 2025-10-31
67 67 github elastic cloudbeat github.com/Azure/go-autorest/autorest/adal v0.9.24 v0.9.24 gomod go.mod ["indirect"] ERROR DEPRECATED Package is deprecated, according to package manager metadata    
68 68 github elastic cloudbeat github.com/golang/protobuf v1.5.4 v1.5.4 gomod go.mod ["indirect"] ERROR DEPRECATED Package is deprecated, according to package manager metadata    
69 69 github elastic cloudbeat github.com/pkg/errors v0.9.1 v0.9.1 gomod go.mod ["indirect"] ERROR DEPRECATED pkg/errors is no longer necessary, as functionality exists in the Go standard library, or in better packages    
70 70 github elastic cloudbeat go.elastic.co/apm/module/apmelasticsearch/v2 v2.6.3 v2.6.3 gomod go.mod ["indirect"] ERROR DEPRECATED As noted in https://github.com/elastic/apm-agent-go, Elastic have deprecated the Go APM agent, and are instead recommending the move over to the OpenTelemetry Go SDK, which provides similar functionality, but requires a migration (https://www.elastic.co/blog/elastic-go-apm-agent-to-opentelemetry-go-sdk)    
71 71 github elastic cloudbeat go.elastic.co/apm/module/apmhttp/v2 v2.7.1 v2.7.1 gomod go.mod ["indirect"] ERROR DEPRECATED As noted in https://github.com/elastic/apm-agent-go, Elastic have deprecated the Go APM agent, and are instead recommending the move over to the OpenTelemetry Go SDK, which provides similar functionality, but requires a migration (https://www.elastic.co/blog/elastic-go-apm-agent-to-opentelemetry-go-sdk)    
72 72 github elastic cloudbeat go.elastic.co/apm/v2 v2.7.1 v2.7.1 gomod go.mod ["indirect"] ERROR DEPRECATED As noted in https://github.com/elastic/apm-agent-go, Elastic have deprecated the Go APM agent, and are instead recommending the move over to the OpenTelemetry Go SDK, which provides similar functionality, but requires a migration (https://www.elastic.co/blog/elastic-go-apm-agent-to-opentelemetry-go-sdk)    
73 73 github elastic cloudbeat python >=3.11 3.13.5 pep621 security-policies/pyproject.toml ["requires-python"] ERROR DEPRECATED python 3.13 is marked as unsupported (usually only receiving critical security fixes) 2026-10-01 2029-10-31
74 74 github elastic cloudbeat python >=3.9 3.13.5 pep621 tests/pyproject.toml ["requires-python"] ERROR DEPRECATED python 3.13 is marked as unsupported (usually only receiving critical security fixes) 2026-10-01 2029-10-31
75 75 github elastic elasticsearch gradle 8.14.2 8.14.2 gradle-wrapper build-tools-internal/gradle/wrapper/gradle-wrapper.properties [] ERROR DEPRECATED gradle 8 is marked as unsupported (usually only receiving critical security fixes)    
76 76 github elastic elasticsearch gradle 8.14.2 8.14.2 gradle-wrapper gradle/wrapper/gradle-wrapper.properties [] ERROR DEPRECATED gradle 8 is marked as unsupported (usually only receiving critical security fixes)    
77 77 github elastic elasticsearch gradle 8.14.2 8.14.2 gradle-wrapper plugins/examples/gradle/wrapper/gradle-wrapper.properties [] ERROR DEPRECATED gradle 8 is marked as unsupported (usually only receiving critical security fixes)    
78 78 github elastic elasticsearch gradle 8.7 8.7 gradle-wrapper libs/simdvec/native/gradle/wrapper/gradle-wrapper.properties [] ERROR DEPRECATED gradle 8 is marked as unsupported (usually only receiving critical security fixes)    
79 79 github elastic eui @babel/plugin-proposal-class-properties ^7.18.6 7.18.6 npm packages/eui/package.json ["devDependencies"] ERROR DEPRECATED Package is deprecated, according to package manager metadata    
80 80 github elastic eui @babel/plugin-proposal-object-rest-spread ^7.20.7 7.20.7 npm packages/eui/package.json ["devDependencies"] ERROR DEPRECATED Package is deprecated, according to package manager metadata    
81 81 github elastic eui @cypress/react18 ^2.0.0 2.0.0 npm packages/eui/package.json ["devDependencies"] ERROR DEPRECATED Package is deprecated, according to package manager metadata    
82 82 github elastic eui @faker-js/faker ^8.0.2 8.0.2 npm packages/eui/package.json ["devDependencies"] ERROR DEPRECATED Package is deprecated, according to package manager metadata    
83 83 github elastic eui @types/classnames ^2.3.1 2.3.1 npm packages/eui/package.json ["devDependencies"] ERROR DEPRECATED Package is deprecated, according to package manager metadata    
84 84 github elastic eui @types/vfile-message ^2.0.0 2.0.0 npm packages/eui/package.json ["devDependencies"] ERROR DEPRECATED Package is deprecated, according to package manager metadata    
85 85 github elastic eui core-js ^3.6.5 3.6.5 npm packages/eui/package.json ["devDependencies"] ERROR DEPRECATED Package is deprecated, according to package manager metadata    
86 86 github elastic eui eslint ^8.41.0 8.43.0 npm packages/eui-theme-borealis/package.json ["devDependencies"] ERROR DEPRECATED Package is deprecated, according to package manager metadata    
87 87 github elastic eui eslint ^8.41.0 8.43.0 npm packages/eui-theme-common/package.json ["devDependencies"] ERROR DEPRECATED Package is deprecated, according to package manager metadata    
88 88 github elastic eui eslint ^8.41.0 8.43.0 npm packages/eui/package.json ["devDependencies"] ERROR DEPRECATED Package is deprecated, according to package manager metadata    
89 89 github elastic eui eslint ^8.57.0 8.57.1 npm packages/eslint-plugin/package.json ["devDependencies"] ERROR DEPRECATED Package is deprecated, according to package manager metadata    
90 90 github elastic eui node 16.x || 18.x || >=20.x v24.4.1 npm packages/eui/package.json ["engines"] ERROR DEPRECATED nodejs 24 is marked as unsupported (usually only receiving critical security fixes) 2026-10-20 2028-04-30
91 91 github elastic eui node 20.15.1-slim 20.15.1-slim dockerfile packages/eui/scripts/docker-ci/Dockerfile ["final"] ERROR DEPRECATED nodejs 20 has been unsupported (usually only receiving critical security fixes) for 275 days 2024-10-22 2026-04-30
92 92 github elastic eui node 22.17.1 22.17.1 nvm .nvmrc [] ERROR DEPRECATED nodejs 22 is marked as unsupported (usually only receiving critical security fixes) 2025-10-21 2027-04-30
93 93 github elastic eui node >=18.0 v24.4.1 npm packages/website/package.json ["engines"] ERROR DEPRECATED nodejs 24 is marked as unsupported (usually only receiving critical security fixes) 2026-10-20 2028-04-30
94 94 github elastic eui react ^17.0 || ^18.0 18.3.1 npm packages/eui-theme-common/package.json ["peerDependencies"] ERROR DEPRECATED react 18 has been unsupported (usually only receiving critical security fixes) for 231 days 2024-12-05  
95 95 github elastic eui react ^17.0 || ^18.0 18.3.1 npm packages/eui/package.json ["peerDependencies"] ERROR DEPRECATED react 18 has been unsupported (usually only receiving critical security fixes) for 231 days 2024-12-05  
96 96 github elastic eui react ^17.0.2 17.0.2 npm packages/eui/package.json ["devDependencies"] ERROR DEPRECATED react 17 has been unsupported (usually only receiving critical security fixes) for 1213 days 2022-03-29  
97 97 github elastic eui react ^18 18.3.1 npm package.json ["resolutions"] ERROR DEPRECATED react 18 has been unsupported (usually only receiving critical security fixes) for 231 days 2024-12-05  
98 98 github elastic eui react ^18.0.0 18.3.1 npm packages/website/package.json ["dependencies"] ERROR DEPRECATED react 18 has been unsupported (usually only receiving critical security fixes) for 231 days 2024-12-05  
99 99 github elastic eui react ^18.0.0 18.3.1 npm packages/docusaurus-theme/package.json ["peerDependencies"] ERROR DEPRECATED react 18 has been unsupported (usually only receiving critical security fixes) for 231 days 2024-12-05  
100 100 github elastic eui react ^18.2.0 18.3.1 npm packages/eui-theme-common/package.json ["devDependencies"] ERROR DEPRECATED react 18 has been unsupported (usually only receiving critical security fixes) for 231 days 2024-12-05  

Next page

Advanced export

JSON shape: default, array, newline-delimited

CSV options: 

CREATE TABLE advisories (
  -- what platform hosts the source code that this Advisory was produced for?
  -- i.e. `github`, `gitlab`, `gitea`, etc
  --
  -- See also: https://dmd.tanna.dev/concepts/repo-key/#platform
  --
  -- Foreign keys:
  -- - `renovate.platform`
  --
  -- TODO: restore SBOM support
  -- https://gitlab.com/tanna.dev/dependency-management-data/-/issues/596
  platform TEXT NOT NULL,
  -- what organisation manages the source code that this Advisory was produced
  -- for? Can include `/` for nested organisations
  --
  -- See also: https://dmd.tanna.dev/concepts/repo-key/#organisation
  --
  -- Foreign keys:
  -- - `renovate.organisation`
  --
  -- TODO: restore SBOM support
  -- https://gitlab.com/tanna.dev/dependency-management-data/-/issues/596
  organisation TEXT NOT NULL,
  -- what repo manages the source code that this Advisory was produced
  -- for?
  --
  -- See also: https://dmd.tanna.dev/concepts/repo-key/#repo
  --
  -- Foreign keys:
  -- - `renovate.repo`
  --
  -- TODO: restore SBOM support
  -- https://gitlab.com/tanna.dev/dependency-management-data/-/issues/596
  repo TEXT NOT NULL,

  -- what package is this Advisory for?
  --
  -- Foreign keys:
  -- - `renovate.package_name`
  -- - `sboms.package_name`
  package_name TEXT NOT NULL,
  -- version indicates the version of `package_name` that this Advisory
  -- is for.
  --
  -- NOTE this could be a version constraint, such as any of:
  --
  --   <=1.3.4,>=1.3.0
  --   "~> 0.9"
  --   latest
  --   ^2.0.6
  --   =1.0.4
  --
  -- As well as a specific value, such as:
  --
  --   1.0.4
  --   10
  --   latest
  --
  -- This versioning will be implementation-specific for the `package_manager` in use.
  --
  -- Foreign keys:
  -- - `renovate.version`
  -- - `sboms.version`
  version TEXT NOT NULL,
  -- current_version defines the current version that this package's `version`
  -- resolves to.
  --
  -- If the `version` is an exact version number, such as `1.0.4`, then
  -- `current_version` will usually be the same value, `1.0.4`.
  --
  -- If the `version` is a version constraint, then this column MAY indicate
  -- the exact version that was resolved at the time of dependency analysis.
  --
  -- Foreign keys:
  -- - `renovate.current_version`
  -- - `sboms.current_version`
  current_version TEXT,
  -- package_manager indicates the package manager that the Advisory
  -- will correspond to.
  --
  -- Based on which datasource(s) (https://dmd.tanna.dev/concepts/datasource/)
  -- you are using, this will be a different value:
  --
  -- - for Renovate data, must exactly match `renovate.package_manager`.
  --   Note that there may be multiple `package_managers`, for instance `maven`
  --   and `gradle`, which would require two rows.
  -- - for Software Bill of Materials (SBOM) data, must exactly match `sboms.package_type`
  --
  -- If you are using multiple datasources, you will have one row per
  -- `package_manager` that this Advisory matches.
  --
  -- Foreign keys:
  -- - `renovate.package_manager`
  -- - `sboms.package_type`
  package_manager TEXT NOT NULL,
  -- package_file_path defines the path within `repo` that defines the
  -- `package_name` as a dependency. For example:
  --
  --   .github/workflows/build.yml
  --   go.mod
  --   build/Dockerfile
  --
  -- NOTE that this may be empty
  -- (https://gitlab.com/tanna.dev/dependency-management-data/-/issues/396)
  --
  -- Foreign keys:
  -- - `renovate.package_file_path`
  -- - `sboms` does not have this field
  package_file_path TEXT NOT NULL,
  -- dep_types defines the different dependency types that may be in use. This
  -- will always be a JSON array, with 0 or more string elements. For example:
  --
  --   []
  --   ["action"]
  --   ["dependencies","lockfile"]
  --   ["dependencies","missing-data"]
  --   ["lockfile","lockfile-yarn-pinning-^21.1.1"]
  --   ["engines"]
  --
  -- Based on which datasource(s) (https://dmd.tanna.dev/concepts/datasource/)
  -- you are using, this will have different values and meanings.
  --
  -- TODO Querying this column will be found documented in
  -- https://gitlab.com/tanna.dev/dependency-management-data/-/issues/288
  --
  -- NOTE that in the future these there will be a more consistent naming
  -- structure for these
  -- (https://gitlab.com/tanna.dev/dependency-management-data/-/issues/379)
  --
  -- Foreign keys:
  -- - `renovate.package_file_path`
  -- - `sboms` does not have this field
  dep_types TEXT NOT NULL,

  -- level defines the severity of the Advisory. This will be
  -- organisation-specific in terms of what you deem most critical, but an
  -- example of what this could look like is:
  --
  --   ERROR: "Use of AGPL-3.0 licensed dependencies anywhere is a high-severity"
  --   WARN:  "Using a dependency that hasn't been updated in 1 year should be avoided"
  level TEXT NOT NULL
    CHECK (
      level IN (
        'ERROR',
        'WARN'
      )
    ),
  -- advisory_type defines the type of Advisory
  -- (https://dmd.tanna.dev/concepts/advisory/) that this Advisory will
  -- flagged as.
  advisory_type TEXT NOT NULL
    CHECK (
      advisory_type IN (
        -- the dependency is deprecated, and should ideally be replaced
        'DEPRECATED',
        -- the dependency is no longer maintained
        'UNMAINTAINED',
        -- there is a security issue with this dependency
        'SECURITY',
        -- there is organisational policy that recommends awareness of the use
        -- of this dependency
        'POLICY',
        -- there is no other `advisory_type` that makes sense for this type. If
        -- you feel there should be, please raise an issue on the issue tracker
        -- (https://gitlab.com/tanna.dev/dependency-management-data/-/issues)
        'OTHER'
      )
    ),
  -- description is a human-readable explanation of why this advisory is being
  -- flagged. The contents will be shown verbatim to a user, and will not be
  -- interpreted as markup. This can be as long and detailed as you wish, and
  -- is recommended to include links to (internal) documentation around the
  -- finding, any known remediation actions, and communication channels to
  -- reach out to for information.
  description TEXT NOT NULL,

  -- supported_until describes the date that this dependency is (actively)
  -- supported until
  --
  -- NOTE: that this is only relevant for `UNMAINTAINED` or `DEPRECATED` advisories
  supported_until TEXT,
  -- eol_from describes the date that this dependency will be marked as End of
  -- Life, and will no longer be maintained from
  --
  -- NOTE: that this is only relevant for `UNMAINTAINED` or `DEPRECATED` advisories
  eol_from TEXT,

  UNIQUE (platform, organisation, repo, package_file_path, package_name, package_manager, dep_types, level, advisory_type, description) ON CONFLICT REPLACE
);