aiohttp[speedups]>=3.9.4
beautifulsoup4
cvss
defusedxml
distro
filetype>=1.2.0
gsutil
importlib_metadata>=3.6; python_version < "3.10"
importlib_resources; python_version < "3.9"
jinja2>=2.11.3
jsonschema>=3.0.2
lib4sbom==0.8.4 # Pinned due to bug.  Was lib4sbom>=0.7.2
lib4vex>=0.2.0
packageurl-python
packaging>=22.0
plotly
python-gnupg
pyyaml>=5.4
requests>=2.32.2
rich
rpmfile>=1.0.6
setuptools>=70.0.0 # pinned by Snyk to avoid a vulnerability
toml; python_version < "3.11"
urllib3>=2.2.2 # dependency of requests added explictly to avoid CVEs
xmlschema
zipp>=3.19.1 # not directly required, pinned by Snyk to avoid a vulnerability
zstandard; python_version >= "3.4"
