2024-06-06T13:26:14Z OWASP Foundation CycloneDX Maven plugin 2.7.7 436dfb24c63a322708e4a5143d8543af 3ef2e8728dc9eff2f129c34057e46e9d2b10629a c185b79bf0f9264f43bc8c222c44db67bea275bb727e3327cf9aea6bf45292c9 41488733e31e6c5315327dcc86187c2b9a6b96cd08f7e2157ce130688afde29c313fc6a73edb8a76333a930c78874aa2eac874448920030c0f7af0ac05e65ced f9462f86240fd9fc0942f34981e6d2371f252aa1a4e5e8c3c14e7f0f1a4e4de69ef972e51cf09a749afb6d97c13e67ed The Apache Software Foundation org.apache.flink flink-sql-parser 1.19.1 The Apache Software Foundation provides support for the Apache community of open-source software projects. The Apache projects are characterized by a collaborative, consensus based development process, an open and pragmatic software license, and a desire to create high quality software that leads the way in its field. We consider ourselves not simply a group of projects sharing a server, but rather a community of developers and users. Apache-2.0 pkg:maven/org.apache.flink/flink-sql-parser@1.19.1?type=jar https://flink.apache.org/flink-table/flink-sql-parserhttps://repository.apache.org/service/local/staging/deploy/maven2https://mail-archives.apache.org/mod_mbox/www-announce/https://github.com/apache/flink/flink-table/flink-sql-parser makeBom compile,provided,runtime,system The Apache Software Foundation org.apache.flink flink-annotations 1.19.1 The Apache Software Foundation provides support for the Apache community of open-source software projects. The Apache projects are characterized by a collaborative, consensus based development process, an open and pragmatic software license, and a desire to create high quality software that leads the way in its field. We consider ourselves not simply a group of projects sharing a server, but rather a community of developers and users. required ce5937a2a17a1cacd2d9339650095a20 c2dedfcd148388840dba5d253cb04b6c56b5ea0d ca2dcadc05a85451112599208f29536206ec697e7f63cb902c6cdfc787f169f6 76ff5bd3aa7e3f09379215f669f8ea506d948d7dda500e6f11936076260c02672ce849bb5ebc56973d812f570bf7dfaafc2e6e730bae26a6ef3e8de8bcd9d9a9 615f4281884e70368bc24fb5b6a65ab8e64aa05ebb2b74dcfd97406f4519f33ce0c047f7596cfd1f3686e466dbd78022 Apache-2.0 pkg:maven/org.apache.flink/flink-annotations@1.19.1?type=jar https://flink.apache.org/flink-annotationshttps://repository.apache.org/service/local/staging/deploy/maven2https://mail-archives.apache.org/mod_mbox/www-announce/https://github.com/apache/flink/flink-annotations com.google.guava guava 32.1.3-jre Guava is a suite of core and expanded libraries that include utility classes, Google's collections, I/O classes, and much more. required adc3cf557a48d15cb71be90948558923 0f306708742ce2bf0fb0901216183bc14073feae 6d4e2b5a118aab62e6e5e29d185a0224eed82c85c40ac3d33cf04a270c3b3744 f575321aa79046f2c12bdf9895db7e235cbaaa8e913389ae48ec4bb5f387d6bf066ed98c5f2c7854bf0c56bb38b59b005ca3c16d68e314743491a223a18cee47 efd979f8c807eb973c7bb2edcede11c2881db4232147bb94069701fc002b1c336651aa3347858e3ba25cb89f3df69428 Apache-2.0 pkg:maven/com.google.guava/guava@32.1.3-jre?type=jar https://github.com/google/guavahttps://github.com/google/guava/actionshttps://oss.sonatype.org/service/local/staging/deploy/maven2/https://github.com/google/guava/issueshttps://github.com/google/guava/guava com.google.guava failureaccess 1.0.1 Contains com.google.common.util.concurrent.internal.InternalFutureFailureAccess and InternalFutures. Most users will never need to use this artifact. Its classes is conceptually a part of Guava, but they're in this separate artifact so that Android libraries can use them without pulling in all of Guava (just as they can use ListenableFuture by depending on the listenablefuture artifact). 091883993ef5bfa91da01dcc8fc52236 1dcf1de382a0bf95a3d8b0849546c88bac1292c9 a171ee4c734dd2da837e4b16be9df4661afab72a41adaf31eb84dfdaf936ca26 f8d59b808d6ba617252305b66d5590937da9b2b843d492d06b8d0b1b1f397e39f360d5817707797b979a5bf20bf21987b35333e7a15c44ed7401fea2d2119cae 67659dbd9647ec303d7f15128dc9dba19b98fd8d74758ee3b602451e32c855e236ccaafe08edf4bbfa245f981268440f Apache-2.0 pkg:maven/com.google.guava/failureaccess@1.0.1?type=jar https://github.com/google/guava/failureaccesshttps://travis-ci.org/google/guavahttps://oss.sonatype.org/service/local/staging/deploy/maven2/https://github.com/google/guava/issueshttps://github.com/google/guava/failureaccess com.google.guava listenablefuture 9999.0-empty-to-avoid-conflict-with-guava An empty artifact that Guava depends on to signal that it is providing ListenableFuture -- but is also available in a second "version" that contains com.google.common.util.concurrent.ListenableFuture class, without any other Guava classes. The idea is: - If users want only ListenableFuture, they depend on listenablefuture-1.0. - If users want all of Guava, they depend on guava, which, as of Guava 27.0, depends on listenablefuture-9999.0-empty-to-avoid-conflict-with-guava. The 9999.0-... version number is enough for some build systems (notably, Gradle) to select that empty artifact over the "real" listenablefuture-1.0 -- avoiding a conflict with the copy of ListenableFuture in guava itself. If users are using an older version of Guava or a build system other than Gradle, they may see class conflicts. If so, they can solve them by manually excluding the listenablefuture artifact or manually forcing their build systems to use 9999.0-.... d094c22570d65e132c19cea5d352e381 b421526c5f297295adef1c886e5246c39d4ac629 b372a037d4230aa57fbeffdef30fd6123f9c0c2db85d0aced00c91b974f33f99 c5987a979174cbacae2e78b319f080420cc71bcdbcf7893745731eeb93c23ed13bff8d4599441f373f3a246023d33df03e882de3015ee932a74a774afdd0782f caff9b74079f95832ca7f6029346b34b606051cc8c5a4389fac263511d277ada0c55f28b0d43011055b268c6eb7184d5 Apache-2.0 pkg:maven/com.google.guava/listenablefuture@9999.0-empty-to-avoid-conflict-with-guava?type=jar https://github.com/google/guava/listenablefuturehttps://travis-ci.org/google/guavahttps://oss.sonatype.org/service/local/staging/deploy/maven2/https://github.com/google/guava/issueshttps://github.com/google/guava/listenablefuture Google LLC com.google.errorprone error_prone_annotations 2.21.1 Error Prone is a static analysis tool for Java that catches common programming mistakes at compile-time. 75fe4fe33d308dd6cee3b601de902d27 6d9b10773b5237df178a7b3c1b4208df7d0e7f94 d1f3c66aa91ac52549e00ae3b208ba4b9af7d72d68f230643553beb38e6118ac 530318bcdf1ed8eeee408fc5a0775f1792cbf012b4ec55217a4498c8d2983b230a4d071b9e115565b0411faa51dd938823d9b619beb6786212c375ad3d1ebd8a 88e628431966a9b5cc19f96159874cefde1558e51d2ce233a0c2d47914eb9c6256f95882605a87cc6629a21ff70b72b4 Apache-2.0 pkg:maven/com.google.errorprone/error_prone_annotations@2.21.1?type=jar https://errorprone.info/error_prone_annotationshttps://github.com/google/error-prone/error_prone_annotations com.google.j2objc j2objc-annotations 2.8 A set of annotations that provide additional information to the J2ObjC translator to modify the result of translation. c50af69b704dc91050efb98e0dff66d1 c85270e307e7b822f1086b93689124b89768e273 f02a95fa1a5e95edb3ed859fd0fb7df709d121a35290eff8b74dce2ab7f4d6ed f8263868a792b41707c9e7fe6fa5650a14cd93fbeafad20efe3772a3058fc933eb59782ec59e6eb9b9c569aa96da80134ae9fdf7547b69c44a97087efddceeff e6087ec31fec8289158496ad2ed6ce8472d5d513808a312e0782cedac3b86c37a62a63c0b5ea3839491d109fe9e148a1 Apache-2.0 pkg:maven/com.google.j2objc/j2objc-annotations@2.8?type=jar https://github.com/google/j2objc/https://oss.sonatype.org/service/local/staging/deploy/maven2/http://svn.sonatype.org/spice/trunk/oss/oss-parent-9/j2objc-annotations org.apache.calcite calcite-core 1.32.0 Core Calcite APIs and engine required 0bdb47d8d02d2dfe44473557fd097a04 984545fa6d4c4d141a6f488d170df55ad1312be1 7fba117d53393d363198294ab04271ac41deca766f5bbc80973a71e3e562311c 1c0181760e182aac89cccbcdd794099abc2d2123494565044be62c6b09b77efbdd02a6044793266939fc553acc6161eb53052c078aebe61a5834588657886259 a7148374ddf670cdef4677278ebb230395a54f4ac4efdd8db48a565e7c06b32734397792b437d3a216f68542e7f16143 Apache-2.0 pkg:maven/org.apache.calcite/calcite-core@1.32.0?type=jar https://calcite.apache.orghttps://issues.apache.org/jira/browse/CALCITEhttps://lists.apache.org/list.html?dev@calcite.apache.orghttps://github.com/apache/calcite org.apache.calcite.avatica avatica-core 1.22.0 JDBC driver framework required 3810fc5f9b3c618c4bf58c08254e6efc bc9b74c057f16201262e7c3cceb66e9e60e41cb9 9cc97d76e7dda1478e417d1e63e877ba17efbf11a87bba3a5f2fdc495ab8da7f 48ce7e20f3e65c9af88109e8b1bc676c9950c74bd92b28d116064776258772845e28f49f2e89aa3ab3b716b8ac00868968070921e7fe6b765cb8b85f983c5455 68d99e45e576b63e005f41a032520cb21962e12ca2b623a6c903cca24cd885848c62d2e39d6b86febd70f2faa982dfe9 Apache-2.0 pkg:maven/org.apache.calcite.avatica/avatica-core@1.22.0?type=jar https://calcite.apache.org/avaticahttps://issues.apache.org/jira/browse/CALCITEhttps://lists.apache.org/list.html?dev@calcite.apache.orghttps://github.com/apache/calcite-avatica org.apiguardian apiguardian-api 1.1.2 @API Guardian 8c7de3f82037fa4a2e8be2a2f13092af a231e0d844d2721b0fa1b238006d15c6ded6842a b509448ac506d607319f182537f0b35d71007582ec741832a1f111e5b5b70b38 d7ccd0e7019f1a997de39d66dc0ad4efe150428fdd7f4c743c93884f1602a3e90135ad34baea96d5b6d925ad6c0c8487c8e78304f0a089a12383d4a62e2c9a61 5ae11cfedcee7da43a506a67946ddc8a7a2622284a924ba78f74541e9a22db6868a15f5d84edb91a541e38afded734ea Apache-2.0 pkg:maven/org.apiguardian/apiguardian-api@1.1.2?type=jar https://github.com/apiguardian-team/apiguardianhttps://github.com/apiguardian-team/apiguardian org.checkerframework checker-qual 3.12.0 checker-qual contains annotations (type qualifiers) that a programmer writes to specify Java code for type-checking by the Checker Framework. ab1ae0e2f2f63601597a5a96fca8a54f d5692f0526415fcc6de94bb5bfbd3afd9dd3b3e5 ff10785ac2a357ec5de9c293cb982a2cbb605c0309ea4cc1cb9b9bc6dbe7f3cb ff20c424e130c31c30b4f4f5b4374f8f98f94ddae2b123f3c213f147be6b3de57854ee5651b02dd97d352c1c1df2a8bfeef73d5307a71372f46a6002eab24d78 60641d5967c60154359437cf49d8b0c14e7c1d876ab1fff4932590b19edcad0e65975299004ac896fb190f45b69ef1a1 MIT pkg:maven/org.checkerframework/checker-qual@3.12.0?type=jar https://checkerframework.orghttps://github.com/typetools/checker-framework.git The Apache Software Foundation org.apache.flink flink-shaded-force-shading 17.0 The Apache Software Foundation provides support for the Apache community of open-source software projects. The Apache projects are characterized by a collaborative, consensus based development process, an open and pragmatic software license, and a desire to create high quality software that leads the way in its field. We consider ourselves not simply a group of projects sharing a server, but rather a community of developers and users. optional 6890ff555c82f3bb156cf9c73bf09cf9 345c153973a17fb8a98d368352e14893edcbd610 dcc7dff160a40b74fa5db2805b2004153ffd0517968f3c7843a8ee43be82e710 9de23513832248618b78e279c0e3900f5cafb7193254ef6818b4f0b6f3b70045dd9cc4fdd13caeeca8b70a44f38201ce055f07248cdf08930a20e1b7a73997ff 063611872b4b1a1718e0472e32198bded0d74fa656e5c47a7b20038cd5ff70106e3109b60fe882880feea486e1ef83bf Apache-2.0 pkg:maven/org.apache.flink/flink-shaded-force-shading@17.0?type=jar http://flink.apache.org/flink-shaded-force-shadinghttps://repository.apache.org/service/local/staging/deploy/maven2https://mail-archives.apache.org/mod_mbox/www-announce/https://github.com/apache/flink-shaded/flink-shaded-force-shading QOS.ch org.slf4j slf4j-api 1.7.36 The slf4j API required 872da51f5de7f3923da4de871d57fd85 6c62681a2f655b49963a5983b8b0950a6120ae14 d3ef575e3e4979678dc01bf1dcce51021493b4d11fb7f1be8ad982877c16a1c0 f9b033fc019a44f98b16048da7e2b59edd4a6a527ba60e358f65ab88e0afae03a9340f1b3e8a543d49fa542290f499c5594259affa1ff3e6e7bf3b428d4c610b 2b14ad035877087157e379d3277dcdcd79e58d6bdb147c47d29e377d75ce53ad42cafbf22f5fb7827c7e946ff4876b9a MIT https://opensource.org/licenses/MIT pkg:maven/org.slf4j/slf4j-api@1.7.36?type=jar http://www.slf4j.orghttps://oss.sonatype.org/service/local/staging/deploy/maven2/https://github.com/qos-ch/slf4j/slf4j-api com.google.code.findbugs jsr305 1.3.9 JSR305 Annotations for Findbugs required 1d5a772e400b04bb67a7ef4a0e0996d8 40719ea6961c0cb6afaeb6a921eaa1f6afd4cfdf 905721a0eea90a81534abb7ee6ef4ea2e5e645fa1def0a5cd88402df1b46c9ed 06da282cfd8e30d9f8cf17702b8709172b00e22b75a627a1d85f8989615b8a1a401bc25d9aee7b14aed1d9b5df73bf2ea8d66f9c8468d9577c29f0ccfa2cc70a 56e6b41ef62eb5edfed0203802cefae9c2df86388148e420bb0c687abb2b80e14d5c2a82d5b35dce4badaf148f94eada Apache-2.0 pkg:maven/com.google.code.findbugs/jsr305@1.3.9?type=jar http://findbugs.sourceforge.net/http://findbugs.googlecode.com/svn/trunk/